lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 Oct 2023 12:43:01 -0400
From:   Rik van Riel <riel@...riel.com>
To:     Alejandro Colomar <alx@...nel.org>
Cc:     linux-man@...r.kernel.org, kernel-team@...a.com,
        linux-kernel@...r.kernel.org,
        Matthew House <mattlloydhouse@...il.com>,
        Eric Biederman <ebiederm@...ssion.com>
Subject: [PATCH v3] execve.2: execve also returns E2BIG if a string is too
 long

The execve syscall returns -E2BIG in 3 cases:
- The total length of the command line arguments and environment is too large.
- An argument or environment string is longer than MAX_ARG_STRLEN.
- The full path to the executable exceeds MAX_ARG_STRLEN.

Spell out all 3 cases in the -E2BIG section.

Discovered by moving a too large commandline parameter to an environment
variable, and finding that things still did not work. Examined the code
in fs/exec.c to get the details.

This shell script starts failing at 2^17 on a system with 4kB page size:

./exec2big.sh: line 10: /bin/true: Argument list too long
fork failed at loop 17

STRING="a"

for loop in `seq 20`; do
	STRING="$STRING$STRING"
	export STRING
	if /bin/true ; then
		: # still under the limit
	else
		echo "fork failed at loop $loop"
	fi
done

Signed-off-by: Rik van Riel <riel@...riel.com>
Suggested-by: Matthew House <mattlloydhouse@...il.com>
---
 man2/execve.2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/man2/execve.2 b/man2/execve.2
index 0d9582492ad1..85c6ec15df3c 100644
--- a/man2/execve.2
+++ b/man2/execve.2
@@ -449,7 +449,8 @@ The total number of bytes in the environment
 .RI ( envp )
 and argument list
 .RI ( argv )
-is too large.
+is too large, an argument or environment string is too long, or
+the full path name to the executable is too long.
 .TP
 .B EACCES
 Search permission is denied on a component of the path prefix of
-- 
2.41.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ