Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 09 Jun 2023 12:40:46 -0500
From: Bobby Bingham <koorogi@...rogi.info>
To: musl@...ts.openwall.com, Rich Felker <dalias@...c.org>,
 Tali Auster <tali.auster@...il.com>
Subject: Re: execve with null envp

The Linux manpage explicitly says to not rely on this and that other systems are known to return EFAULT in this case.

https://www.man7.org/linux/man-pages/man2/execve.2.html#NOTES


On June 9, 2023 12:04:04 PM CDT, Rich Felker <dalias@...c.org> wrote:
>On Fri, Jun 09, 2023 at 09:05:15AM -0600, Tali Auster wrote:
>> Hello,
>> 
>> Is there any specific behavior specified when NULL is passed for
>> envp in any of the exec* methods that accept it? I took a quick look
>> at the source tree, and process/execve.c has a comment suggesting
>> that the correct behavior may be to use environ for envp before
>> passing the NULL to the syscall unchanged. My intuition - and, in
>> practice, Linux with glibc seems to agree - is that a NULL envp
>> means an empty environment. I imagine the answer to this question
>> may just be a vague shrug, but does POSIX mandate anything specific
>> here? Or, perhaps a question with a more clear answer, can my
>> userspace code call execve(pathname, argv, NULL) and reliably expect
>> the child to have an empty environment?
>> 
>> Hopefully this is on-topic for this list; regardless, thanks for any
>> help or direction y'all can provide!
>
>The only specification I'm aware of is:
>
>    "The argument envp is an array of character pointers to
>    null-terminated strings. These strings shall constitute the
>    environment for the new process image. The envp array is
>    terminated by a null pointer."
>
>So, if the caller fails to satisfy that part of the interface
>contract, the behavior is undefined.
>
>I'm not sure if there's any historical consistency on what happens
>here or if any implementations have the behavior the comment suggested
>might be "right", but short of research to establish that there's a
>reliable behavior and effort to standardize it, I think the clear
>solution here is "don't do that". It's easy to just pass (char*[]){0}
>instead of a null pointer.
>
>Rich

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.