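// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (c) 2022 Cyril Hrubis <chrubis@suse.cz>
 */

/*\
 * [Description]
 *
 * Test that kernel adds dummy argv[0] if empty argument list was passed to
 * execve(). This fixes at least one CVE where userspace programs start to
 * process argument list blindly from argv[1] such as polkit pkexec
 * CVE-2021-4034.
 *
 * See also https://lwn.net/Articles/883547/
 */

#include <stdlib.h>
#include <stdio.h>
#include "tst_test.h"

/*
 * Fork a child that calls execve() on execve06_child with an empty argument
 * vector (argv[0] == NULL) and an environment holding only the test
 * library's IPC variable.
 *
 * The pass/fail decision is not made in this function: it only breaks the
 * test when the helper cannot be found or executed.
 * NOTE(review): execve06_child is presumably the program that inspects the
 * argument list it receives and reports the result - confirm against the
 * helper's source.
 */
static void verify_execve(void)
{
	pid_t pid;
	char path[512];
	char ipc_env_var[1024];
	const char *ipc_path = getenv(IPC_ENV_VAR);
	int len;

	/* getenv() returns NULL when the variable is unset; "%s" with NULL is UB. */
	if (!ipc_path)
		tst_brk(TBROK, "%s is not set in the environment", IPC_ENV_VAR);

	/*
	 * The value comes from the environment, so its length is not under our
	 * control: bound the write and treat truncation as a broken setup
	 * rather than handing the child a clipped path.
	 */
	len = snprintf(ipc_env_var, sizeof(ipc_env_var), IPC_ENV_VAR "=%s",
		       ipc_path);
	if (len < 0 || (size_t)len >= sizeof(ipc_env_var))
		tst_brk(TBROK, "%s value does not fit into %zu bytes",
			IPC_ENV_VAR, sizeof(ipc_env_var));

	/* Only the IPC variable is passed on; the child gets nothing else. */
	char *const envp[] = {ipc_env_var, NULL};
	/* Deliberately empty argument list: this is the case under test. */
	char *const argv[] = {NULL};

	if (tst_get_path("execve06_child", path, sizeof(path)))
		tst_brk(TCONF, "Couldn't find execve06_child in $PATH");

	pid = SAFE_FORK();
	if (pid == 0) {
		execve(path, argv, envp);
		/* Reached only if execve() itself failed. */
		tst_brk(TFAIL | TERRNO, "Failed to execute execve06_child");
	}

	/*
	 * NOTE(review): the parent does not wait for the child here;
	 * presumably the test library reaps it after test_all returns - confirm.
	 */
}
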
/*
 * Test definition consumed by the LTP test library.
 */
static struct tst_test test = {
	/* verify_execve() calls SAFE_FORK(). */
	.forks_child = 1,
	/*
	 * NOTE(review): presumably needed because the exec'd helper has to
	 * re-attach to the test library through the IPC variable passed in
	 * envp - confirm against the library documentation.
	 */
	.child_needs_reinit = 1,
	.test_all = verify_execve,
	/*
	 * Kernel commit and CVE this test is tagged with; the file header
	 * describes the behaviour (dummy argv[0] for an empty argument list)
	 * and names polkit pkexec CVE-2021-4034 as the motivating case.
	 */
	.tags = (const struct tst_tag[]) {
		{"linux-git", "dcd46d897adb"},
		{"CVE", "2021-4034"},
		{}
	}
};