From: Kees Cook > Sent: 26 January 2022 07:28 ... > > > >There shouldn't be anything legitimate actually doing this in userspace. > > I spoke too soon. > > Unfortunately, this is not the case: > https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL&literal=0 > > Lots of stuff likes to do: > execve(path, NULL, NULL); > > Do these things depend on argc==0 would be my next question... What about ensuring that argv[0] and argv[1] are always present and both NULL when argc is 0? Then programs that just scan from argv[1] until they get a NULL will always be fine. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
