NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/56673: don't allow execve with NULL argv

The following reply was made to PR kern/56673; it has been noted by GNATS.

From: Christos Zoulas <>
Subject: Re: kern/56673: don't allow execve with NULL argv
Date: Mon, 31 Jan 2022 10:28:50 -0500

 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 > Obviously any setuid/setgid applications should be checked quickly,
 > as those might be able to be coerced to do something strange - but
 > for the rest, assuming that there are no ordinary invocations (and in
 > NetBSD base I assume not, as no-one is reporting any bugs with other
 > apps randomly crashing because of this) there is no big hurry to fix
 > any that are broken, as (assuming ls was to be one such program, just as
 > an example ... I have no reason to suspect that it is however, just for
 > the purposes of exposition in this message) that someone can write a
 > program to exec ls (or whatever) with no args, and have it do something
 > strange (including perhaps dump core) isn't really a problem for anyone
 > but them (whatever ls did in such a case they could simply write code
 > to do, and run it).
 In that case we should at least put the check for set*id programs, like we've
 done with file descriptors :-)
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 Content-Type: application/pgp-signature;
 Content-Description: Message signed with OpenPGP
 Comment: GPGTools -

Home | Main Index | Thread Index | Old Index