From nobody Wed Jan 26 20:05:01 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B564C1985C89;
	Wed, 26 Jan 2022 20:05:13 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JkZT54bXXz4rr0;
	Wed, 26 Jan 2022 20:05:13 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1643227513;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=Hq27pevZWp7S5D5jdGhPiZqQ1SOUjI18JslyZB7FvEM=;
	b=QYurDEgcwvXP4V3/8NkT/oYqKwsIA8gSoxL7qDYOLiwxXjfApVujpntTHh+5mrutK9bw23
	OQ6uCptn5rQR7WQmm0bzmPHzcn6VE5/AlYF/9evMWX5c6fd0jRpZtwSjT0qvZvzCnONRc/
	PCkU4ffrxpA5gMCjx5FyJiFmJ3MBXJYCb8J6cTrfJ2Q8FmRYAUOPCWi9p3LaNiZSogrA6n
	kqGpDycNLcFMAVwvUzf/RdLPKrEs+mqzFeWVzAA/vsAzHpNIReVUCnwghjXN6fH3rKiVXr
	jYPSrhUcBn6s7oB68iV9XmQ43o/Vd7R5vMnt23syWMKhQ6/HM5ndn1iZ+pgvDw==
Received: from mail-qk1-f181.google.com (mail-qk1-f181.google.com [209.85.222.181])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: kevans)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 793C72994D;
	Wed, 26 Jan 2022 20:05:13 +0000 (UTC)
	(envelope-from kevans@freebsd.org)
Received: by mail-qk1-f181.google.com with SMTP id o12so633643qke.5;
        Wed, 26 Jan 2022 12:05:13 -0800 (PST)
X-Gm-Message-State: AOAM530WC3s3nN7p0yodz95K6hrQ9wrT6a28i6kMNEwpoptViDr302iC
	4eGnNj26J+UgNQBX7J4dSiemY8N8OralboLIC7s=
X-Google-Smtp-Source: ABdhPJzDvMAds488EzVbQY7DZI6CEoc5k9sqBEL8lN90G/Q4gxf4r/L48alKTa5CcjtPs/UZ/0ZaSkbm5411W+XxrQc=
X-Received: by 2002:a37:e10d:: with SMTP id c13mr310604qkm.708.1643227513104;
 Wed, 26 Jan 2022 12:05:13 -0800 (PST)
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
References: <202201261941.20QJfYf6038425@gitrepo.freebsd.org> <202201262002.20QK23GH087609@slippy.cwsent.com>
In-Reply-To: <202201262002.20QK23GH087609@slippy.cwsent.com>
From: Kyle Evans <kevans@freebsd.org>
Date: Wed, 26 Jan 2022 14:05:01 -0600
X-Gmail-Original-Message-ID: <CACNAnaG-S6L+sr5pxm0+7tHgjxFmCF8XyZZvme2a90ZiQmSGWA@mail.gmail.com>
Message-ID: <CACNAnaG-S6L+sr5pxm0+7tHgjxFmCF8XyZZvme2a90ZiQmSGWA@mail.gmail.com>
Subject: Re: git: 773fa8cd136a - main - execve: disallow argc == 0
To: Cy Schubert <Cy.Schubert@cschubert.com>
Cc: src-committers <src-committers@freebsd.org>, 
	"<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org
Content-Type: text/plain; charset="UTF-8"
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1643227513;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=Hq27pevZWp7S5D5jdGhPiZqQ1SOUjI18JslyZB7FvEM=;
	b=JdsiRTcGRn86NIy2ZXRETY04f2tyV64E0a4ROclseAoByd5A9sun+2+CBfKpKiEkBCDBw0
	6DlfU8J4sBt6QoLkvdlZZ6nwLnH9qd15av2jqtkIus9TtNX8TBc4jhqOAQ9ShQO9OJ6l/W
	dheRJn4qsM0v/WcNEUmoejRM4HqvBy8wElvnDD0YKpZNdYUCkyEWma3AQAqErZIJECXK+d
	DqG1zk8PqhToKjXxpvJ2e2V04N5peeSSAZjziw2fPRfZdG061lFEfjn349FzEuGfM1GFd0
	yWmA6XhV2pXcsGQ9ZkoAiYsDRDzUdmkndWnMd+5D+effvI/hyVEUutd6kCGnww==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643227513; a=rsa-sha256; cv=none;
	b=YHqEiH0eyQvrNkqlAli/PmAxknPgpzsPeBbMqdpLfZBzBpltihZyeDC932M1BTR4yd5i2N
	uR/tzx6DUfCE4JHk/jwlnwNcpoU47cLP9INfJO40kY3GpStkPUX6753MUx4NQds/la6LcM
	tF7LIrDHF9HktEmShOygbzqibPgOuNSE/O5/+bXvoYClfF7vtHKhUGaIw4a/6YjyM3ayfh
	eb6QPdVGi9mfKKwpyQAteJnZ7zNXrFXjLQVV1c+hXMiqmnvN/nym7XtwaSlrHgfb2bZobX
	Ya9Cu9j5Zdy7GcRWbqNagDOHTvtC0BArWI/uTnQt9HWxm+NarWL/9OCaXWISxA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

On Wed, Jan 26, 2022 at 2:02 PM Cy Schubert <Cy.Schubert@cschubert.com> wrote:
>
> In message <202201261941.20QJfYf6038425@gitrepo.freebsd.org>, Kyle Evans
> writes
> :
> > The branch main has been updated by kevans:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=773fa8cd136a5775241c3e3a70f19976
> > 33ebeedf
> >
> > commit 773fa8cd136a5775241c3e3a70f1997633ebeedf
> > Author:     Kyle Evans <kevans@FreeBSD.org>
> > AuthorDate: 2022-01-25 22:47:23 +0000
> > Commit:     Kyle Evans <kevans@FreeBSD.org>
> > CommitDate: 2022-01-26 19:40:27 +0000
> >
> >     execve: disallow argc == 0
> >
> >     The manpage has contained the following verbiage on the matter for just
> >     under 31 years:
> >
> >     "At least one argument must be present in the array"
> >
> >     Previous to this version, it had been prefaced with the weakening phrase
> >     "By convention."
> >
> >     Carry through and document it the rest of the way.  Allowing argc == 0
> >     has been a source of security issues in the past, and it's hard to
> >     imagine a valid use-case for allowing it.  Toss back EINVAL if we ended
> >     up not copying in any args for *execve().
> >
> >     The manpage change can be considered "Obtained from: OpenBSD"
> >
> >     Reviewed by:    emaste, kib, markj (all previous version)
> >     Differential Revision:  https://reviews.freebsd.org/D34045
> > ---
> >  lib/libc/sys/execve.2 | 5 ++++-
> >  sys/kern/kern_exec.c  | 6 ++++++
> >  2 files changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/libc/sys/execve.2 b/lib/libc/sys/execve.2
> > index a8f5aa14854b..1abadba13d91 100644
> > --- a/lib/libc/sys/execve.2
> > +++ b/lib/libc/sys/execve.2
> > @@ -28,7 +28,7 @@
> >  .\"     @(#)execve.2 8.5 (Berkeley) 6/1/94
> >  .\" $FreeBSD$
> >  .\"
> > -.Dd March 30, 2020
> > +.Dd January 26, 2022
> >  .Dt EXECVE 2
> >  .Os
> >  .Sh NAME
> > @@ -273,6 +273,9 @@ Search permission is denied for a component of the path p
> > refix.
> >  The new process file is not an ordinary file.
> >  .It Bq Er EACCES
> >  The new process file mode denies execute permission.
> > +.It Bq Er EINVAL
> > +.Fa argv
> > +did not contain at least one element.
> >  .It Bq Er ENOEXEC
> >  The new process file has the appropriate access
> >  permission, but has an invalid magic number in its header.
> > diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
> > index 0494b73fc405..303c145689ae 100644
> > --- a/sys/kern/kern_exec.c
> > +++ b/sys/kern/kern_exec.c
> > @@ -356,6 +356,12 @@ kern_execve(struct thread *td, struct image_args *args,
> > struct mac *mac_p,
> >           exec_args_get_begin_envv(args) - args->begin_argv);
> >       AUDIT_ARG_ENVV(exec_args_get_begin_envv(args), args->envc,
> >           args->endp - exec_args_get_begin_envv(args));
> > +
> > +     /* Must have at least one argument. */
> > +     if (args->argc == 0) {
> > +             exec_free_args(args);
> > +             return (EINVAL);
> > +     }
> >       return (do_execve(td, args, mac_p, oldvmspace));
> >  }
> >
> >
>
> Thank you. I think this might help me track down a bug in a port.
>
> Can we MFC this at some point?
>

I'll probably MFC these in a week or two, I can't imagine it will
cause any real damage.

Thanks,

Kyle Evans