From owner-freebsd-hackers Wed Dec 21 00:58:19 1994
Return-Path: hackers-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id AAA00140 for hackers-outgoing; Wed, 21 Dec 1994 00:58:19 GMT
Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by freefall.cdrom.com (8.6.9/8.6.6) with SMTP id AAA00129 for ; Wed, 21 Dec 1994 00:58:10 GMT
Received: by sovcom.kiae.su id AA19815 (5.65.kiae-2 for FreeBSD-hackers@freebsd.org); Tue, 20 Dec 1994 15:19:31 +0300
Received: by elvisti.kiev.ua (uumail/ache) id AA18019; Tue, 20 Dec 1994 13:10:45 +0200
Xref: store comp.os.386bsd.bugs:796 comp.os.386bsd.questions:6868
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.questions
Path: store!office.elvisti.kiev.ua!stesin
From: stesin@elvisti.kiev.ua (Andrew V. Stesin)
Subject: [?!] So, is this a bug in the kernel execve() code?
X-Newsreader: TIN [version 1.2 PL2]
Nntp-Posting-Host: office.elvisti.kiev.ua
Organization: Electronni Visti InformAgency (ElVisti)
Message-Id:
Date: Tue, 20 Dec 1994 01:20:06 GMT
Apparently-To: FreeBSD-hackers@freebsd.org
Sender: hackers-owner@freebsd.org
Precedence: bulk

Hi BSDers,

as I wrote a few days ago, there was a strange thing noticed with FreeBSD-1.1.5R. Here is an (incorrect, I know! ;) program in C:

    #include <unistd.h>

    int main(int ac, char **av)
    {
        /* av[1] is a char *, not a NULL-terminated char *[]: this is the
           deliberate misuse the post is about */
        return (execve("/bin/ls", av[1], 0));
    }

anyway, given some command line parameters, this reboots the system immediately on our machine. Your mileage may vary -- this is the shortest example from the set.

I can describe this as: broken arguments to the execve() system call, like a nonterminated argv[] array, or random arguments, -- may _often_ cause the immediate and silent OS reboot on our system.

This effect was discovered by Natalie Vinokurova, nata@bitmcnit.bryansk.su. We tried to reproduce her example and (after a few attempts with "Bus error" and segfaults) we found it... for a pity... :(

I tried to dig into that piece of kernel code, but sorry -- I'm not a wizard, I'm not a kernel hacker, I'm not even on a mailing list. I personally have no idea about how legal this behavior is and how to fix it. I don't even know -- was this reported yet or not?

So, questions.

1. How valid is the described behavior? If it isn't considered valid, how can one fix it?

2. Is there a set of "official" patches for 1.1.5? Where? We're running a vanilla 1.1.5.0 kernel, I only replaced some user-area utilities. Maybe some bugfix patches are needed?

Thanks for your attention; comments and suggestions are welcome!

--
With best wishes -- Andrew Stesin, system administrator.
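The post shows a program that hands execve() a single `char *` where a NULL-terminated `char *[]` is expected, so the argument walk has no terminator to stop at. The following is an added example, not code from the post or from the FreeBSD kernel: it shows the correct user-side construction of argv for the same call, and a bounded argument walk (modelled on what a defensive kernel copy-in should do, with assumed limits `MAX_ARGS` and `MAX_BYTES` in the spirit of ARG_MAX) that refuses with E2BIG instead of running off the end of an unterminated array.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Assumed bounds (stand-ins for ARG_MAX-style limits): the walk over argv
 * stops here even when the caller forgot the terminating NULL pointer. */
#define MAX_ARGS  64
#define MAX_BYTES 4096

/* Walk argv the way a defensive copy-in would: count entries and bytes,
 * stop at the NULL terminator, and fail with -E2BIG as soon as either
 * bound is reached, never trusting that the array is terminated.
 * Returns the number of arguments on success, a negative errno otherwise. */
long argv_check(char *const argv[], size_t max_args, size_t max_bytes)
{
    size_t nargs, nbytes = 0;

    if (argv == NULL)
        return -EFAULT;                  /* no array at all */
    for (nargs = 0; nargs < max_args; nargs++) {
        if (argv[nargs] == NULL)
            return (long)nargs;          /* properly terminated */
        nbytes += strlen(argv[nargs]) + 1;
        if (nbytes > max_bytes)
            return -E2BIG;               /* total argument text too large */
    }
    return -E2BIG;                       /* no NULL within max_args entries */
}

/* Correct form of the post's program: argv is an array of pointers ending
 * in NULL, so the kernel's walk has a defined stopping point. */
int exec_ls(char *const arg)
{
    char *const argv[] = { "/bin/ls", arg, NULL };

    if (argv_check(argv, MAX_ARGS, MAX_BYTES) < 0)
        return -1;
    return execve("/bin/ls", argv, NULL);
}

int main(int ac, char **av)
{
    /* exec_ls(NULL) simply runs /bin/ls with no extra argument */
    return exec_ls(ac > 1 ? av[1] : NULL);
}
```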