authoredef <edef@edef.eu>2024-02-01 17:31:37 +0000
committeredef <edef@edef.eu>2024-02-01 18:16:55 +0000
commitb4c9840652ec2fa8ac59b14a9b0349f5e474e07c (patch)
tree859e23db693a64bebe82cda9e6131cd94f69e745 /nixos/modules/security
parent97b17f32362e475016f942bbdfda4a4a72a8a652 (diff)
nixos/modules/security/wrappers: limit argv0 to 512 bytes
This mitigates CVE-2023-6246, crucially without a mass-rebuild.

Change-Id: I762a0d489ade88dafd3775d54a09f555dc8c2527
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/wrappers/wrapper.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/security/wrappers/wrapper.c b/nixos/modules/security/wrappers/wrapper.c
index 3277e7ef6f799..3e126875c6872 100644
--- a/nixos/modules/security/wrappers/wrapper.c
+++ b/nixos/modules/security/wrappers/wrapper.c
@@ -172,6 +172,13 @@ static int make_caps_ambient(const char *self_path) {
 int main(int argc, char **argv) {
     ASSERT(argc >= 1);
 
+    // argv[0] goes into a lot of places, to a far greater degree than other elements
+    // of argv. glibc has had buffer overflows relating to argv[0], eg CVE-2023-6246.
+    // Since we expect the wrappers to be invoked from either $PATH or /run/wrappers/bin,
+    // there should be no reason to pass any particularly large values here, so we can
+    // be strict for strictness' sake.
+    ASSERT(strlen(argv[0]) < 512);
+
     int debug = getenv(wrapper_debug) != NULL;
 
     // Drop insecure environment variables explicitly
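Review bot: The bound 512 on the new ASSERT line is a bare magic number, and the check walks the whole of argv[0] with strlen before rejecting it; a named constant and a bounded length call would document the limit and avoid scanning an arbitrarily long string, e.g. `enum { ARGV0_MAX_LEN = 512 };` at file scope and `ASSERT(strnlen(argv[0], ARGV0_MAX_LEN) < ARGV0_MAX_LEN);`. The comment could then reference the constant's name instead of repeating the number implicitly. ASSERT's failure behaviour is not visible in this hunk; for a setuid wrapper it must terminate rather than fall through, which I assume is what the macro does. main continues past the end of the hunk.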