Re: [PATCH] fs/exec: require argv[0] presence in do_execveat_common()

From: hypervis0r
Date: Tue Feb 01 2022 - 15:54:51 EST

Next message: Pavel Machek: "Re: [PATCH 4.4 00/25] 4.4.302-rc1 review"
Previous message: David Woodhouse: "[PATCH v4 7/9] x86/smpboot: Send INIT/SIPI/SIPI to secondary CPUs in parallel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not really opposed to attempting to change this with consensus
(like, actually proposing it on the Austin Group tracker), but a less
invasive change would be just enforcing it for the case where exec is
a privilege boundary (suid/sgid/caps). There's really no motivation
for changing longstanding standard behavior in a
non-privilege-boundary case.

I don't really see it as a matter of "maintaining standard behavior".

there are very little uses for this ABI feature to be present and only serves to make applications harder to port between Linux and other *nix systems. The pros (major vulnerabilities like CVE-2021-4034) outweigh the cons (minor userland ABI change that only affects shellcode on shell-storm.org) in this particular scenario, and I am all for this patch.

Next message: Pavel Machek: "Re: [PATCH 4.4 00/25] 4.4.302-rc1 review"
Previous message: David Woodhouse: "[PATCH v4 7/9] x86/smpboot: Send INIT/SIPI/SIPI to secondary CPUs in parallel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]