Date: Wed, 26 Jan 2022 19:41:34 GMT
Message-Id: <202201261941.20QJfYf6038425@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kyle Evans
Subject: git: 773fa8cd136a - main - execve: disallow argc == 0
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 773fa8cd136a5775241c3e3a70f1997633ebeedf
Auto-Submitted: auto-generated

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=773fa8cd136a5775241c3e3a70f1997633ebeedf

commit
773fa8cd136a5775241c3e3a70f1997633ebeedf Author: Kyle Evans AuthorDate: 2022-01-25 22:47:23 +0000 Commit: Kyle Evans CommitDate: 2022-01-26 19:40:27 +0000 execve: disallow argc == 0 The manpage has contained the following verbiage on the matter for just under 31 years: "At least one argument must be present in the array" Previous to this version, it had been prefaced with the weakening phrase "By convention." Carry through and document it the rest of the way. Allowing argc == 0 has been a source of security issues in the past, and it's hard to imagine a valid use-case for allowing it. Toss back EINVAL if we ended up not copying in any args for *execve(). The manpage change can be considered "Obtained from: OpenBSD" Reviewed by: emaste, kib, markj (all previous version) Differential Revision: https://reviews.freebsd.org/D34045 --- lib/libc/sys/execve.2 | 5 ++++- sys/kern/kern_exec.c | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/libc/sys/execve.2 b/lib/libc/sys/execve.2 index a8f5aa14854b..1abadba13d91 100644 --- a/lib/libc/sys/execve.2 +++ b/lib/libc/sys/execve.2 @@ -28,7 +28,7 @@ .\" @(#)execve.2 8.5 (Berkeley) 6/1/94 .\" $FreeBSD$ .\" -.Dd March 30, 2020 +.Dd January 26, 2022 .Dt EXECVE 2 .Os .Sh NAME @@ -273,6 +273,9 @@ Search permission is denied for a component of the path prefix. The new process file is not an ordinary file. .It Bq Er EACCES The new process file mode denies execute permission. +.It Bq Er EINVAL +.Fa argv +did not contain at least one element. .It Bq Er ENOEXEC The new process file has the appropriate access permission, but has an invalid magic number in its header. diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 0494b73fc405..303c145689ae 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c 
@@ -356,6 +356,12 @@ kern_execve(struct thread *td, struct image_args *args, struct mac *mac_p, exec_args_get_begin_envv(args) - args->begin_argv); AUDIT_ARG_ENVV(exec_args_get_begin_envv(args), args->envc, args->endp - exec_args_get_begin_envv(args)); + + /* Must have at least one argument. */ + if (args->argc == 0) { + exec_free_args(args); + return (EINVAL); + } return (do_execve(td, args, mac_p, oldvmspace)); }
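Review bot: In the new EINVAL entry added to the error list in execve.2, "did not contain at least one element" is ambiguous, because an argv that holds only the terminating null pointer can be read as having one element. Phrasing it in terms of arguments, in line with the sentence the commit message quotes ("At least one argument must be present in the array"), would describe exactly what the kernel check on args->argc == 0 enforces.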
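Review bot: The new argc == 0 check in kern_execve() is placed after the AUDIT_ARG_ENVV() call and returns without entering do_execve(), and the comment ("Must have at least one argument.") explains neither choice. If the ordering is deliberate, so that a rejected call is still audited, say so in the comment, and note that exec_free_args(args) is the only cleanup owed on this early return. The diffstat touches only execve.2 and kern_exec.c, so nothing exercises the new path; a small regression test that passes an argv holding just the null terminator and expects EINVAL would pin the behaviour.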