From: David Laight
To: 'Kees Cook', Andrew Morton
CC: Ariadne Conill, Michael Kerrisk, Matthew Wilcox, Christian Brauner, Rich Felker, Eric Biederman, Alexander Viro, linux-fsdevel@vger.kernel.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: RE: [PATCH] exec: Force single empty string when argv is empty
Date: Tue, 1 Feb 2022 09:17:47 +0000
Message-ID: <78959c88715049a4be00fc75bb333d3a@AcuMS.aculab.com>
References: <20220201000947.2453721-1-keescook@chromium.org>
In-Reply-To: <20220201000947.2453721-1-keescook@chromium.org>

From: Kees Cook
> Sent: 01 February 2022 00:10
...
> While the initial code searches[6][7] turned up what appeared to be
> mostly corner case tests, trying to just reject argv == NULL
> (or an immediately terminated pointer list) quickly started tripping[8]
> existing userspace programs.
>
> The next best approach is forcing a single empty string into argv and
> adjusting argc to match. The number of programs depending on argc == 0
> seems a smaller set than those calling execve with a NULL argv.

Has anyone considered using the pathname for argv[0]?
So converting:
	execl(path, NULL);
into:
	execl(path, path, NULL);

I've not spotted any such suggestion.

	David
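A userspace model of the two fix-ups discussed in this message, added here as an illustration; it is not code from the patch or from the kernel. The function name `normalise_argv`, the policy names and the sample path are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Policy names are labels invented for this example. */
enum empty_argv_policy {
    POLICY_EMPTY_STRING, /* the patch: argv becomes { "", NULL } */
    POLICY_PATHNAME      /* the reply: argv becomes { path, NULL } */
};

/*
 * Userspace model of the fix-up. Copies the NULL-terminated argv into
 * out[] (room for out_cap pointers, terminator included). A NULL or
 * immediately terminated argv gets a synthesised argv[0], so the new
 * program never starts with argc == 0. Returns argc, or -1 if out[]
 * is too small.
 */
int normalise_argv(const char *path, const char *const argv[],
                   enum empty_argv_policy policy,
                   const char *out[], size_t out_cap)
{
    size_t argc = 0;

    while (argv && argv[argc])
        argc++;
    if (argc == 0) {
        if (out_cap < 2)
            return -1;
        out[0] = (policy == POLICY_PATHNAME) ? path : "";
        out[1] = NULL;
        return 1;
    }
    if (argc + 1 > out_cap)
        return -1;
    for (size_t i = 0; i < argc; i++)
        out[i] = argv[i];
    out[argc] = NULL;
    return (int)argc;
}

int main(void)
{
    const char *const empty[] = { NULL }; /* constructed: execl(path, NULL) */
    const char *path = "/usr/bin/example"; /* constructed sample path */
    const char *out[4];

    int n = normalise_argv(path, empty, POLICY_EMPTY_STRING, out, 4);
    printf("empty-string policy: argc=%d argv[0]=\"%s\"\n", n, out[0]);
    n = normalise_argv(path, empty, POLICY_PATHNAME, out, 4);
    printf("pathname policy:     argc=%d argv[0]=\"%s\"\n", n, out[0]);
    return 0;
}
```

Under both policies the new program can dereference argv[0] safely; they differ only in whether argv[0] is an empty string or the path given to exec.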