From: Matthew Wilcox <willy@infradead.org>
To: Ariadne Conill <ariadne@dereferenced.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Alexander Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common()
Date: Wed, 26 Jan 2022 14:59:52 +0000 [thread overview]
Message-ID: <YfFh6O2JS6MybamT@casper.infradead.org> (raw)
In-Reply-To: <20220126114447.25776-1-ariadne@dereferenced.org>
On Wed, Jan 26, 2022 at 11:44:47AM +0000, Ariadne Conill wrote:
> Interestingly, Michael Kerrisk opened an issue about this in 2008[1],
> but there was no consensus to support fixing this issue then.
> Hopefully now that CVE-2021-4034 shows practical exploitative use
> of this bug in a shellcode, we can reconsider.
>
> [0]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=8408
Having now read 8408 ... if ABI change is a concern (and I really doubt
it is), we could treat calling execve() with a NULL argv as if the
caller had passed an array of length 1 with the first element set to
NULL. Just like we reopen fds 0,1,2 for suid execs if they were closed.
next prev parent reply other threads:[~2022-01-26 14:59 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-26 11:44 [PATCH v2] fs/exec: require argv[0] presence in do_execveat_common() Ariadne Conill
2022-01-26 14:40 ` Matthew Wilcox
2022-01-26 17:41 ` Ariadne Conill
2022-01-26 14:59 ` Matthew Wilcox [this message]
2022-01-26 16:40 ` Kees Cook
2022-01-26 16:57 ` Eric W. Biederman
2022-01-26 17:32 ` Ariadne Conill
2022-01-26 18:03 ` Matthew Wilcox
2022-01-26 18:38 ` Ariadne Conill
2022-01-26 20:09 ` Kees Cook
2022-01-26 20:23 ` Ariadne Conill
2022-01-26 20:56 ` Kees Cook
2022-01-26 21:13 ` Ariadne Conill
2022-01-26 21:25 ` Kees Cook
2022-01-26 21:30 ` Ariadne Conill
2022-01-26 22:49 ` Kees Cook
2022-01-26 23:07 ` Ariadne Conill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YfFh6O2JS6MybamT@casper.infradead.org \
--to=willy@infradead.org \
--cc=ariadne@dereferenced.org \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.