lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 31 Jan 2022 18:10:23 +0100
From:   Christian Brauner <brauner@...nel.org>
To:     Eryu Guan <guan@...u.me>, fstests@...r.kernel.org
Cc:     Ariadne Conill <ariadne@...eferenced.org>,
        Kees Cook <keescook@...omium.org>,
        Rich Felker <dalias@...c.org>,
        Michael Kerrisk <mtk.manpages@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Wilcox <willy@...radead.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Christian Brauner <brauner@...nel.org>,
        Eryu Guan <guaneryu@...il.com>
Subject: [PATCH] generic/633: adapt execveat() invocations

There's a push by Ariadne to enforce that argv[0] cannot be NULL. So far
we've allowed this. Fix the execveat() invocations to set argv[0] to the
name of the file we're about to execute.

Cc: Ariadne Conill <ariadne@...eferenced.org>
Cc: Kees Cook <keescook@...omium.org>
Cc: Rich Felker <dalias@...c.org>
Cc: Eryu Guan <guaneryu@...il.com>
Cc: Michael Kerrisk <mtk.manpages@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Matthew Wilcox <willy@...radead.org>
Cc: fstests@...r.kernel.org
Cc: linux-fsdevel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Link: https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereferenced.org
Signed-off-by: Christian Brauner <brauner@...nel.org>
---
 src/idmapped-mounts/idmapped-mounts.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c
index 4cf6c3bb..76b559ae 100644
--- a/src/idmapped-mounts/idmapped-mounts.c
+++ b/src/idmapped-mounts/idmapped-mounts.c
@@ -3598,7 +3598,7 @@ static int setid_binaries(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		if (!expected_uid_gid(t_dir1_fd, FILE1, 0, 5000, 5000))
@@ -3726,7 +3726,7 @@ static int setid_binaries_idmapped_mounts(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		if (!expected_uid_gid(open_tree_fd, FILE1, 0, 15000, 15000))
@@ -3865,7 +3865,7 @@ static int setid_binaries_idmapped_mounts_in_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		if (!switch_userns(attr.userns_fd, 0, 0, false))
@@ -3924,7 +3924,7 @@ static int setid_binaries_idmapped_mounts_in_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		if (!caps_supported()) {
@@ -3992,7 +3992,7 @@ static int setid_binaries_idmapped_mounts_in_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		if (!switch_userns(attr.userns_fd, 0, 0, false))
@@ -4150,7 +4150,7 @@ static int setid_binaries_idmapped_mounts_in_userns_separate_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		userns_fd = get_userns_fd(0, 10000, 10000);
@@ -4214,7 +4214,7 @@ static int setid_binaries_idmapped_mounts_in_userns_separate_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		userns_fd = get_userns_fd(0, 10000, 10000);
@@ -4286,7 +4286,7 @@ static int setid_binaries_idmapped_mounts_in_userns_separate_userns(void)
 			NULL,
 		};
 		static char *argv[] = {
-			NULL,
+			"",
 		};
 
 		userns_fd = get_userns_fd(0, 10000, 10000);

base-commit: d8dee1222ecdfa1cff1386a61248e587eb3b275d
-- 
2.32.0

Powered by blists - more mailing lists