execve: disallow argc == 0
The manpage has contained the following verbiage on the matter for just
under 31 years:

"At least one argument must be present in the array"

Previous to this version, it had been prefaced with the weakening phrase
"By convention."

Carry through and document it the rest of the way.  Allowing argc == 0
has been a source of security issues in the past, and it's hard to
imagine a valid use-case for allowing it.  Toss back EINVAL if we ended
up not copying in any args for *execve().

The manpage change can be considered "Obtained from: OpenBSD"

(cherry picked from commit 773fa8c)
(cherry picked from commit c9afc76)
kevans91 committed Feb 10, 2022
1 parent cd6bdac commit 7393eed
Showing 3 changed files with 13 additions and 7 deletions.
5 changes: 4 additions & 1 deletion lib/libc/sys/execve.2
Expand Up @@ -28,7 +28,7 @@
.\" @(#)execve.2 8.5 (Berkeley) 6/1/94
.\" $FreeBSD$
.\"
.Dd March 30, 2020
.Dd January 26, 2022
.Dt EXECVE 2
.Os
.Sh NAME
Expand Down Expand Up @@ -273,6 +273,9 @@ Search permission is denied for a component of the path prefix.
The new process file is not an ordinary file.
.It Bq Er EACCES
The new process file mode denies execute permission.
.It Bq Er EINVAL
.Fa argv
did not contain at least one element.
.It Bq Er ENOEXEC
The new process file has the appropriate access
permission, but has an invalid magic number in its header.
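Review bot: The new EINVAL entry's wording, "did not contain at least one element", is ambiguous between argv being an empty array and argv itself being NULL. Suggest phrasing it in terms of what the kernel checks, for example that argv[0] was NULL (an argument count of zero), which is the case the updated posix_spawn test exercises with myargs[0] = NULL. Since this is a behavior change, a short sentence saying that such calls were previously accepted would also help readers of older code.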
9 changes: 3 additions & 6 deletions lib/libc/tests/gen/posix_spawn_test.c
Expand Up @@ -117,17 +117,14 @@ ATF_TC_BODY(posix_spawnp_enoexec_fallback_null_argv0, tc)
{
char buf[FILENAME_MAX];
char *myargs[1];
int error, status;
pid_t pid, waitres;
int error;
pid_t pid;

snprintf(buf, sizeof(buf), "%s/spawnp_enoexec.sh",
atf_tc_get_config_var(tc, "srcdir"));
myargs[0] = NULL;
error = posix_spawnp(&pid, buf, NULL, NULL, myargs, myenv);
ATF_REQUIRE(error == 0);
waitres = waitpid(pid, &status, 0);
ATF_REQUIRE(waitres == pid);
ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42);
ATF_REQUIRE(error == EINVAL);
}

ATF_TP_ADD_TCS(tp)
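Review bot: The test posix_spawnp_enoexec_fallback_null_argv0 now only asserts error == EINVAL, so it no longer exercises the ENOEXEC fallback that its name describes. Because kern_execve rejects argc == 0 before do_execve runs, spawnp_enoexec.sh is never examined. Consider renaming the test and updating its description to say it checks the rejection, and use ATF_REQUIRE_EQ so a failure reports the value actually returned. pid is no longer read after the call, so a one-line comment that no child is expected would make the intent clear.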
6 changes: 6 additions & 0 deletions sys/kern/kern_exec.c
Expand Up @@ -356,6 +356,12 @@ kern_execve(struct thread *td, struct image_args *args, struct mac *mac_p,
exec_args_get_begin_envv(args) - args->begin_argv);
AUDIT_ARG_ENVV(exec_args_get_begin_envv(args), args->envc,
args->endp - exec_args_get_begin_envv(args));

/* Must have at least one argument. */
if (args->argc == 0) {
exec_free_args(args);
return (EINVAL);
}
return (do_execve(td, args, mac_p, oldvmspace));
}
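Review bot: The comment "Must have at least one argument." above the args->argc == 0 check states the rule but not the reason. A sentence noting that programs commonly assume argv[0] is non-NULL would save the next reader a trip to the commit log. The check sits after AUDIT_ARG_ARGV and AUDIT_ARG_ENVV, so rejected attempts are still audited; if that ordering is intentional, say so in the comment. Please also confirm that exec_free_args(args) is the complete cleanup for this early return, since the path bypasses do_execve entirely.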
