
Enforce argv!=NULL to avoid confused userspace argv iteration when argc is assumed to always be >0 #176

@kees

Calls of execve(..., NULL, ...) should be rejected by the kernel. It's nonsense and was used in a recent attack:
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

This was reported back in 2008, too:
https://bugzilla.kernel.org/show_bug.cgi?id=8408

It should be trivial to fix, though there may be some corner cases that don't like it,
https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL&literal=0

such as valgrind's test suite:
https://sources.debian.org/src/valgrind/1:3.18.1-1/none/tests/execve.c/?hl=22#L22

For the patch thread, see:
https://lore.kernel.org/lkml/[email protected]

Labels: [Linux] v5.18 (Released in Linux kernel v5.18); [PATCH] Accepted (A submitted patch has been accepted upstream)
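The userspace confusion named in the issue title, as an added example that is not part of the original issue or the kernel patch: an option scan that starts at index 1, beside a version that validates the vector first. The function names and both sample vectors are constructed for illustration, and the arrays model the Linux initial stack layout, where the envp pointers directly follow argv's NULL terminator.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the Linux initial stack: argv pointers, a NULL
 * terminator, then the envp pointers directly after it. */
static char *stack_normal[] = { "prog", "-v", "target", NULL,
                                "EXAMPLE_VAR=constructed", NULL };
/* What a program sees after execve(path, NULL, envp): argc == 0. */
static char *stack_empty_argv[] = { NULL, "EXAMPLE_VAR=constructed", NULL };

/* "Before": scans from index 1 on the assumption that argv[0] exists. */
const char *first_operand_unchecked(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;              /* first word that is not an option */
    return argv[n];             /* argc == 0: n is 1, past the terminator */
}

/* "After": validate the vector before indexing it. */
const char *first_operand_checked(int argc, char **argv)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return NULL;            /* empty argv: refuse instead of guessing */
    for (int n = 1; n < argc && argv[n] != NULL; n++)
        if (argv[n][0] != '-')
            return argv[n];
    return NULL;                /* only options were given */
}

static const char *show(const char *s) { return s ? s : "(none)"; }

int main(void)
{
    printf("normal, unchecked: %s\n", show(first_operand_unchecked(3, stack_normal)));
    printf("normal, checked:   %s\n", show(first_operand_checked(3, stack_normal)));
    printf("empty,  unchecked: %s\n", show(first_operand_unchecked(0, stack_empty_argv)));
    printf("empty,  checked:   %s\n", show(first_operand_checked(0, stack_empty_argv)));
    return 0;
}
```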