Passing a long argument to execve crashes the kernel #20
Comments
I thought that with this check in Lines 460 to 464 in 1c24d97
During a massive package build, one of the checks from some
(this WARNING message will be removed in the future). Besides this warning, there was no crash at all. That's what made me think that this problem was under control. I have executed your test program, which initially returned
There is no crash.
Thanks for looking at this. It can be seen by inspection of do_execve that copy_strings happens before elf_load and copy_strings has no length checking. Perhaps we can work together to figure out how to trigger a fault in your test scenario. However, I'm just leaving to go skiing today so we may have to do that tomorrow. Perhaps you could try longer arguments?
I'll try with different argument sizes to see if I can get a crash. Anyway, the bug may exist as Have fun!
Indeed, with greater values it is easier to see the crash (actually the program segfaulted and was terminated by the kernel).
The following test program should crash Fiwix:
While there is argument and environment length checking in Fiwix, the checking is done too late to prevent the problem.
The GNU autoconf tool can perform checks that try to determine the maximum argument length that can be passed to a program, which triggers this crash.
A PR with a suggested fix is forthcoming.
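A user-space probe for the behaviour discussed in this thread, added here as example code: it is not the test program referred to above (which this page does not reproduce) and not Fiwix code. It builds an argv whose last element is a single argument of a chosen length, forks a child that hands it to execve, and reports whether the kernel refused it with E2BIG; find_max_arglen then doubles the length the way an autoconf/libtool maximum-argument-length probe does. It assumes a Linux or other POSIX host with /bin/sh available as a harmless exec target; the names exec_args_bytes, probe_exec and find_max_arglen are this example's own. On a kernel that copies the strings before bounding their length, the doubling loop is exactly the path that ends in the crash; on a kernel that checks first, the loop stops cleanly at E2BIG.

```c
/*
 * Example probe written for this page (not Fiwix's test program and not
 * Fiwix kernel code). Assumes a POSIX host with /bin/sh, used only as a
 * harmless exec target: the extra argument becomes a positional parameter
 * of "sh -c :" and is never interpreted.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bytes a kernel has to copy for argv + envp: every string including its
 * NUL, plus one pointer slot per entry and one for the terminating NULL.
 * This is the quantity a length check has to bound *before* copy_strings
 * starts writing into the new stack. */
size_t exec_args_bytes(char *const argv[], char *const envp[])
{
    size_t n = 0;
    int i;
    for (i = 0; argv && argv[i]; i++) n += strlen(argv[i]) + 1;
    n += (size_t)(i + 1) * sizeof(char *);
    for (i = 0; envp && envp[i]; i++) n += strlen(envp[i]) + 1;
    n += (size_t)(i + 1) * sizeof(char *);
    return n;
}

/* Fork and try execve("/bin/sh", {"sh", "-c", ":", <arglen bytes of 'A'>}).
 * Returns 0 if the execve itself succeeded, the errno it failed with
 * otherwise (E2BIG on a kernel that bounds argument size), or -1 on a
 * pipe/fork setup failure. On a kernel with the bug described in this
 * thread the call does not return at all: the kernel crashes. */
int probe_exec(size_t arglen)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    char *big = malloc(arglen + 1);
    if (!big) { close(fds[0]); close(fds[1]); return -1; }
    memset(big, 'A', arglen);
    big[arglen] = '\0';
    char *argv[] = { "sh", "-c", ":", big, NULL };
    char *envp[] = { NULL };

    pid_t pid = fork();
    if (pid < 0) { free(big); close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        /* The write end vanishes on a successful exec, so the parent sees
         * EOF instead of an errno when the kernel accepted the arguments. */
        fcntl(fds[1], F_SETFD, FD_CLOEXEC);
        execve("/bin/sh", argv, envp);
        int err = errno;              /* reached only if execve failed */
        if (write(fds[1], &err, sizeof err) < 0) _exit(126);
        _exit(127);
    }
    close(fds[1]);
    free(big);
    int err = 0;
    ssize_t r = read(fds[0], &err, sizeof err);   /* r == 0 means exec ok */
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return r == (ssize_t)sizeof err ? err : 0;
}

/* Mimic an autoconf/libtool-style probe: double the argument length until
 * execve refuses it. Returns the largest length that was accepted (0 if the
 * first one already failed). The cap keeps the loop finite on a kernel
 * that never says no. */
size_t find_max_arglen(size_t start, size_t cap)
{
    size_t ok = 0;
    for (size_t len = start; len <= cap; len *= 2) {
        if (probe_exec(len) != 0) break;
        ok = len;
    }
    return ok;
}

int main(void)
{
    size_t max = find_max_arglen(1024, (size_t)1 << 24);
    printf("largest single argument accepted by execve: %zu bytes\n", max);
    printf("errno for a 16 MiB argument: %d (E2BIG is %d)\n",
           probe_exec((size_t)1 << 24), E2BIG);
    return 0;
}
```

Run it on Linux and the loop stops at the kernel's per-string limit with E2BIG; run the same binary on a kernel whose length check sits after copy_strings and the step that overruns the limit is the one that takes the kernel down, which is the failure mode the autoconf check mentioned above walks into.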