From: "Eric W. Biederman"
To: Ren Zhijie
Subject: Re: [PATCH] exec: Force binary name when argv is empty
Date: Tue, 20 Sep 2022 09:42:48 -0500
Message-ID: <87sfkmyumv.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <20220920120812.231417-1-renzhijie2@huawei.com>

Ren Zhijie writes:

> From: Hui Tang
>
> First run './execv-main execv-child', there is empty in 'COMMAND' column
> when run 'ps -u'.
>
> USER PID %CPU %MEM VSZ RSS TTY [...] TIME COMMAND
> root 368 0.3 0.0 4388 764 ttyS0 0:00 ./execv-main
> root 369 0.6 0.0 4520 812 ttyS0 0:00
>
> The program 'execv-main' as follows:
>
> int main(int argc, char **argv)
> {
> 	char *execv_argv[] = {NULL};
> 	pid_t pid = fork();
>
> 	if (pid == 0) {
> 		execv(argv[1], execv_argv);
> 	} else if (pid > 0) {
> 		wait(NULL);
> 	}
> 	return 0;
> }
>
> So replace empty string ("") added with the name of binary
> when calling execve with a NULL argv.

I do not understand the point of this patch. The command name is
allowed to be anything. By convention it is the name of the binary
but that is not required. For login shells it is always something else.

The practical problem that commit dcd46d897adb ("exec: Force single
empty string when argv is empty") addresses is that a NULL argv[0]
is not expected by programs, and can be used to trigger bugs in those
programs. Especially suid programs.

The actual desired behavior is to simply have execve fail in that case.
Unfortunately there are a few existing programs that depend on running
that way, so we could not have such exec's fail.

For a rare case that should essentially never happen why make it
friendlier to use? Why not fix userspace to add the friendly name
instead of the kernel?

Unless there is a good reason for it, it would be my hope that in a
couple of years all of the userspace programs that trigger the warning
when they start up could be fixed, and we could have execve start
failing in those cases.

Eric

>
> Fixes: dcd46d897adb ("exec: Force single empty string when argv is empty")
> Signed-off-by: Hui Tang
> ---
>  fs/exec.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 939d76e23935..7d1909a89a57 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -494,8 +494,8 @@ static int bprm_stack_limits(struct linux_binprm *bprm) > * signal to the parent that the child has run out of stack space. > * Instead, calculate it here so it's possible to fail gracefully. > * > - * In the case of argc = 0, make sure there is space for adding a > - * empty string (which will bump argc to 1), to ensure confused > + * In the case of argc = 0, make sure there is space for adding > + * bprm->filename (which will bump argc to 1), to ensure confused > * userspace programs don't start processing from argv[1], thinking > * argc can never be 0, to keep them from walking envp by accident. > * See do_execveat_common(). > @@ -1900,7 +1900,7 @@ static int do_execveat_common(int fd, struct filename *filename, > > retval = count(argv, MAX_ARG_STRINGS); > if (retval == 0) > - pr_warn_once("process '%s' launched '%s' with NULL argv: empty string added\n", > + pr_warn_once("process '%s' launched '%s' with NULL argv: bprm->filename added\n", > current->comm, bprm->filename); > if (retval < 0) > goto out_free; > @@ -1929,13 +1929,13 @@ static int do_execveat_common(int fd, struct filename *filename, > goto out_free; > > /* > - * When argv is empty, add an empty string ("") as argv[0] to > + * When argv is empty, add bprm->filename as argv[0] to > * ensure confused userspace programs that start processing > * from argv[1] won't end up walking envp. See also > * bprm_stack_limits(). > */ > if (bprm->argc == 0) { > - retval = copy_string_kernel("", bprm); > + retval = copy_string_kernel(bprm->filename, bprm); > if (retval < 0) > goto out_free; > bprm->argc = 1;
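
Review bot: in the first hunk, the bprm_stack_limits() comment now says space is made for adding bprm->filename, but the patch changes no code in that function; its 5 insertions are the two comment edits, the pr_warn_once() string and the copy_string_kernel() call. Please confirm that the existing reservation is still correct for a string of strlen(bprm->filename) + 1 bytes rather than the single byte that "" needed, and if it only covers the argv pointer slot, say that in the comment instead.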
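
Review bot: in the second hunk, the new pr_warn_once() text ends in "bprm->filename added", which puts a kernel struct field name into a user-visible log line that already prints that value through the second '%s'. A wording in user terms, for example "binary name added as argv[0]", would read better, and the changelog should mention that the message text changes for anyone matching on the old "empty string added" wording.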
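
Review bot: in the last hunk, copy_string_kernel(bprm->filename, bprm) makes argv[0] the path string the caller gave to exec, where the removed line added a fixed "". The updated comment still justifies the insertion only by keeping programs that start at argv[1] from walking envp, which "" already achieved, so the comment or changelog needs to state what the filename adds beyond that. Because the copied string now has a caller-dependent length, please also state whether the retval < 0 path can be reached in cases where it could not before.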
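
The two userspace-side fixes the reply points to, as an added example that is not part of the original thread or of the kernel patch: a callee that rejects an empty argv before indexing it, and a caller that never passes an empty vector to execv(). The function names and the `empty_exec` vector are constructed for illustration; the vector models the initial-stack layout in which envp directly follows argv's NULL terminator.

```c
#include <stdio.h>

/* Naive callee: assumes argc >= 1 and scans for the first non-option. */
const char *operand_naive(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;
    return argv[n]; /* argc == 0: n is 1, one slot past argv's NULL terminator */
}

/* Checked callee: refuses an empty argv before indexing anything. */
const char *operand_checked(int argc, char **argv)
{
    int n;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return NULL;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            return argv[n];
    return NULL;
}

/* Caller-side fix: never hand execv() an empty vector; fall back to the path. */
char **argv_for_exec(const char *path, char **argv, char *fallback[2])
{
    if (argv != NULL && argv[0] != NULL)
        return argv;
    fallback[0] = (char *)path;
    fallback[1] = NULL;
    return fallback;
}

/* Constructed sample: empty argv, its NULL terminator, then one envp entry. */
static char *empty_exec[] = { NULL, "SECRET=constructed", NULL };

int main(void)
{
    char *none[] = { NULL }, *fb[2];
    const char *got = operand_naive(0, empty_exec);
    printf("naive:   %s\n", got ? got : "(null)");
    got = operand_checked(0, empty_exec);
    printf("checked: %s\n", got ? got : "(null)");
    printf("argv[0]: %s\n", argv_for_exec("./execv-child", none, fb)[0]);
    return 0;
}
```

In the 'execv-main' program quoted above, passing `argv_for_exec(argv[1], execv_argv, fb)` to execv() gives the child a non-empty argv[0] without any kernel change.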