Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed,  7 Jul 2021 21:15:19 -0300
From: Érico Nogueira <ericonr@...root.org>
To: musl@...ts.openwall.com
Cc: Érico Nogueira <ericonr@...root.org>
Subject: [PATCH] fix fexecve fallback code when fd is negative

even though passing negative fd values to fexecve shouldn't happen on
the part of any application, if it does happen and the current kernel
doesn't implement SYS_execveat, musl will call execve on
"/proc/self/fd/(unsigned)fd", which might be an existing, unrelated,
file.

this was introduced in commit c8c0844f7fbcb955848ca84432e5ffcf71f1cef1,
when fexecve started using __procfdname, which takes an unsigned integer
instead of signed one.

this also fixes the POSIX-compliance of the function, since POSIX
specifies:

  The fexecve() function shall fail if:

  EBADF  The fd argument is not a valid file descriptor open for
  executing.

this corner case was found while investigating usage of __procfdname.
all other cases are correct:

- fchmod,fchdir,fchown -> will fail the direct syscall first
- fchmodat -> is in the *at family so fd can be -1, only uses procfdname with another fd
- fstatat -> checks for fd>=0 in the branch that uses procfdname
- ttyname_r -> fd goes through isatty()
---
 src/process/fexecve.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/process/fexecve.c b/src/process/fexecve.c
index 554c1981..ab81b2d3 100644
--- a/src/process/fexecve.c
+++ b/src/process/fexecve.c
@@ -8,6 +8,8 @@ int fexecve(int fd, char *const argv[], char *const envp[])
 {
 	int r = __syscall(SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH);
 	if (r != -ENOSYS) return __syscall_ret(r);
+	else if (fd < 0) return __syscall_ret(-EBADF);
+
 	char buf[15 + 3*sizeof(int)];
 	__procfdname(buf, fd);
 	execve(buf, argv, envp);
-- 
2.32.0

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.