On Mon, Jan 31, 2022 at 12:46:27PM -0800, Kees Cook wrote:
> On Mon, Jan 31, 2022 at 06:10:23PM +0100, Christian Brauner wrote:
> > There's a push by Ariadne to enforce that argv[0] cannot be NULL. So far
> > we've allowed this. Fix the execveat() invocations to set argv[0] to the
> > name of the file we're about to execute.
>
> To be clear, these tests are also trying to launch set-id binaries with
> argc == 0, so narrowing the kernel check to only set-id binaries
> wouldn't help here, yes?

Yes, that wouldn't help. The new approach of mutating argv { NULL } into
{ "", NULL } is better.