lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 11 Oct 2023 21:46:52 -0400
From:   Rik van Riel <riel@...riel.com>
To:     Alejandro Colomar <alx@...nel.org>
Cc:     linux-man@...r.kernel.org, kernel-team@...a.com,
        linux-kernel@...r.kernel.org,
        Matthew House <mattlloydhouse@...il.com>,
        Eric Biederman <ebiederm@...ssion.com>
Subject: [PATCH v5] execve.2: execve also returns E2BIG if a string is too
 long

The execve syscall returns -E2BIG in 3 cases:
- The total length of the command line arguments and environment is too large.
- An argument or environment string (including the NUL byte) is longer than MAX_ARG_STRLEN.
- The full path to the executable (including the NUL byte) exceeds MAX_ARG_STRLEN.

Spell out all 3 cases in the -E2BIG section.

Discovered by moving a too large commandline parameter to an environment
variable, and finding that things still did not work. Examined the code
in fs/exec.c to get the details.

This simple shell script starts failing at 2^17 on a system with 4kB
page size:
./exec2big.sh: line 10: /bin/true: Argument list too long
fork failed at loop 17

#!/bin/sh
STRING="a"

for loop in `seq 20`; do
	STRING="$STRING$STRING"
	export STRING
	if /bin/true ; then
		: # still under the limit
	else
		echo "fork failed at loop $loop"
	fi
done

Signed-off-by: Rik van Riel <riel@...riel.com>
Suggested-by: Matthew House <mattlloydhouse@...il.com>
---
 man2/execve.2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/man2/execve.2 b/man2/execve.2
index 0d9582492ad1..b689101771e5 100644
--- a/man2/execve.2
+++ b/man2/execve.2
@@ -449,7 +449,12 @@ The total number of bytes in the environment
 .RI ( envp )
 and argument list
 .RI ( argv )
-is too large.
+is too large,
+an argument or environment string is too long,
+or the full
+.I pathname
+of the executable is too long.
+The terminating NUL is counted as part of the string length.
 .TP
 .B EACCES
 Search permission is denied on a component of the path prefix of
-- 
2.41.0

Powered by blists - more mailing lists