author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-02-01 20:10:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-01 20:10:43 +0100 |
commit | e3b81cedd4a07cecb2a00d9e6da1f8c04d85fd8a (patch) | |
tree | 944224145653cc0772713d3e91ceda1097ea8c05 | |
parent | 9d2e45caa5919ac28081c9614c7cb4a5d2eccd04 (diff) |
nixos/modules/security/wrappers: limit argv0 to 512 bytes (#285593)
This mitigates CVE-2023-6246, crucially without a mass-rebuild. Change-Id: I762a0d489ade88dafd3775d54a09f555dc8c2527 (cherry picked from commit b4c9840652ec2fa8ac59b14a9b0349f5e474e07c) Co-authored-by: edef <edef@edef.eu>
-rw-r--r-- | nixos/modules/security/wrappers/wrapper.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/security/wrappers/wrapper.c b/nixos/modules/security/wrappers/wrapper.c index 3277e7ef6f799..3e126875c6872 100644 --- a/nixos/modules/security/wrappers/wrapper.c +++ b/nixos/modules/security/wrappers/wrapper.c @@ -172,6 +172,13 @@ static int make_caps_ambient(const char *self_path) { int main(int argc, char **argv) { ASSERT(argc >= 1); + // argv[0] goes into a lot of places, to a far greater degree than other elements + // of argv. glibc has had buffer overflows relating to argv[0], eg CVE-2023-6246. + // Since we expect the wrappers to be invoked from either $PATH or /run/wrappers/bin, + // there should be no reason to pass any particularly large values here, so we can + // be strict for strictness' sake. + ASSERT(strlen(argv[0]) < 512); + int debug = getenv(wrapper_debug) != NULL; // Drop insecure environment variables explicitly |
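Review bot: The bound in `ASSERT(strlen(argv[0]) < 512);` at the top of main is a bare literal, and the comment above it says why argv[0] is limited but not how 512 was picked. A named constant would keep the check and its rationale together, for example `#define WRAPPER_ARGV0_MAX 512` with the other file-level definitions and `ASSERT(strlen(argv[0]) < WRAPPER_ARGV0_MAX);` here, plus one comment line recording that the value is a deliberately generous cap for `$PATH` and `/run/wrappers/bin` invocations. ASSERT is defined outside this hunk, so it is worth confirming that its failure path does not format the program name itself, because that would pass the over-long argv[0] through libc once more before the process exits. main's body continues past the end of the hunk.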