From: Kees Cook <keescook@chromium.org>
To: Heikki Kallasjoki <heikki.kallasjoki@iki.fi>
Cc: Ariadne Conill <ariadne@dereferenced.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH] fs/exec: require argv[0] presence in do_execveat_common()
Date: Wed, 26 Jan 2022 15:57:35 -0800 [thread overview]
Message-ID: <202201261545.D955A71E@keescook> (raw)
In-Reply-To: <YfE/owUY+gVnn2b/@selene.zem.fi>
On Wed, Jan 26, 2022 at 12:33:39PM +0000, Heikki Kallasjoki wrote:
> On Wed, Jan 26, 2022 at 05:18:58AM -0600, Ariadne Conill wrote:
> > On Tue, 25 Jan 2022, Kees Cook wrote:
> > > Lots of stuff likes to do:
> > > execve(path, NULL, NULL);
> >
> > I looked at these, and these seem to basically be lazily-written test cases
> > which should be fixed. I didn't see any example of real-world applications
> > doing this. As noted in some of the test cases, there are comments like
> > "Solaris doesn't support this," etc.
>
> See also the (small) handful of instances of `execlp(cmd, NULL);` out
> there, which I imagine would start to fail:
> https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%2C%5Cs*NULL&literal=0
>
> Two of the hits (ispell, nauty) would seem to be non-test use cases.
Ah yeah, I've added this to the Issue tracker:
https://github.com/KSPP/linux/issues/176
--
Kees Cook
next prev parent reply other threads:[~2022-01-26 23:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-26 4:39 [PATCH] fs/exec: require argv[0] presence in do_execveat_common() Ariadne Conill
2022-01-26 6:42 ` Kees Cook
2022-01-26 7:28 ` Kees Cook
2022-01-26 11:18 ` Ariadne Conill
2022-01-26 12:33 ` Heikki Kallasjoki
2022-01-26 23:57 ` Kees Cook [this message]
2022-01-27 0:20 ` Eric W. Biederman
2022-01-26 16:59 ` David Laight
2022-01-26 13:27 ` Rich Felker
2022-01-26 14:46 ` Christian Brauner
2022-01-26 17:37 ` Ariadne Conill
2022-02-01 20:54 ` hypervis0r
-- strict thread matches above, loose matches on Subject: below --
2022-01-26 15:02 Alexey Dobriyan
2022-01-27 0:00 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202201261545.D955A71E@keescook \
--to=keescook@chromium.org \
--cc=ariadne@dereferenced.org \
--cc=ebiederm@xmission.com \
--cc=heikki.kallasjoki@iki.fi \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.