collectargs behaviour on argc==0

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: collectargs behaviour on argc==0
From: Sergey Zakharchenko <doublef.mobile@...>
Date: Thu, 27 Jan 2022 11:38:58 +0300

Hello,

lua.c collectargs seems to assume that argv has at least one element
(the binary's name, by convention). As people have recently
(re)discovered, some OSes (e.g. Linux) don't guarantee that [0] which
enables up some attack vectors [1]. I don't think many people run
standalone Lua setuid, but you might want to check for this anyway for
correctness.

Best regards,

-- 
DoubleF

[0] https://bugzilla.kernel.org/show_bug.cgi?id=8408
[1] https://www.openwall.com/lists/oss-security/2022/01/25/11

Follow-Ups:
- Re: collectargs behaviour on argc==0, Roberto Ierusalimschy
- Re: collectargs behaviour on argc==0, Paul Ducklin

Prev by Date: [ANN] Lua 5.4.4 now available
Next by Date: Re: collectargs behaviour on argc==0
Previous by thread: [ANN] Lua 5.4.4 now available
Next by thread: Re: collectargs behaviour on argc==0
Index(es):
- Date
- Thread