commit 2a6a3d2c47626782f604a1fb4ec506c834efb47a · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/wrappers: require argc to be at least one

setuid applications were exploited in the past with an empty
argv, such as pkexec using CVE-2021-4034.

Konrad Borowski 3 years ago 2a6a3d2c 1009d6e7

options

unified split

Changed files

nixos

modules

security

wrappers

wrapper.c

nixos/modules/security/wrappers/wrapper.c

···

       170
       170
        
       }

     

       171
       171
        
       

     

       172
       172
        
       int main(int argc, char **argv) {

     

       173
       173
       +
           ASSERT(argc >= 1);

     

       173
       174
        
           char *self_path = NULL;

     

       174
       175
        
           int self_path_size = readlink_malloc("/proc/self/exe", &self_path);

     

       175
       176
        
           if (self_path_size < 0) {