Re: [PATCH] generic/633: adapt execveat() invocations

From: Christian Brauner
Date: Tue Feb 01 2022 - 08:31:13 EST

Next message: Christophe Leroy: "Re: [PATCH] powerpc/xive: Add some error handling code to 'xive_spapr_init()'"
Previous message: Mark Rutland: "[PATCH v3 5/5] kvm/mips: rework guest entry logic"
Next in thread: David Laight: "RE: [PATCH] generic/633: adapt execveat() invocations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 31, 2022 at 12:46:27PM -0800, Kees Cook wrote:
> On Mon, Jan 31, 2022 at 06:10:23PM +0100, Christian Brauner wrote:
> > There's a push by Ariadne to enforce that argv[0] cannot be NULL. So far
> > we've allowed this. Fix the execveat() invocations to set argv[0] to the
> > name of the file we're about to execute.
>
> To be clear, these tests are also trying to launch set-id binaries with
> argc == 0, so narrowing the kernel check to only set-id binaries
> wouldn't help here, yes?

Yes, that wouldn't help.
The new approach of mutating argv { NULL } into { "", NULL } is better.

Next message: Christophe Leroy: "Re: [PATCH] powerpc/xive: Add some error handling code to 'xive_spapr_init()'"
Previous message: Mark Rutland: "[PATCH v3 5/5] kvm/mips: rework guest entry logic"
Next in thread: David Laight: "RE: [PATCH] generic/633: adapt execveat() invocations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]