Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()

From: Matthew Wilcox
Date: Wed Jan 26 2022 - 09:59:57 EST

Next message: Thomas Zimmermann: "Re: [PATCH v1 0/4] fbtft: Unorphan the driver for maintenance"
Previous message: Liang, Kan: "Re: [PATCH] x86/perf: Default freeze_on_smi on for Comet Lake and later."
In reply to: Ariadne Conill: "Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()"
Next in thread: Kees Cook: "Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 26, 2022 at 11:44:47AM +0000, Ariadne Conill wrote:
> Interestingly, Michael Kerrisk opened an issue about this in 2008[1],
> but there was no consensus to support fixing this issue then.
> Hopefully now that CVE-2021-4034 shows practical exploitative use
> of this bug in a shellcode, we can reconsider.
>
> [0]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=8408

Having now read 8408 ... if ABI change is a concern (and I really doubt
it is), we could treat calling execve() with a NULL argv as if the
caller had passed an array of length 1 with the first element set to
NULL. Just like we reopen fds 0,1,2 for suid execs if they were closed.

Next message: Thomas Zimmermann: "Re: [PATCH v1 0/4] fbtft: Unorphan the driver for maintenance"
Previous message: Liang, Kan: "Re: [PATCH] x86/perf: Default freeze_on_smi on for Comet Lake and later."
In reply to: Ariadne Conill: "Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()"
Next in thread: Kees Cook: "Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]