NetBSD-Bugs archive


Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?



On Sat, Mar 29, 2008 at 03:55:02PM +0000, Aleksey Cheusov wrote:
 >  Not a discussion :) Just a note.
 >  Using setprogname(argv [0]) may be dangerous for SUID programs.
 >  Invalid argv [0] may be passed through execv(2).

More to the point, using getprogname() may be dangerous in setugid
programs. The information comes from argv[0] in any event. Have you
found any problematic uses?

(It is roughly similar to how using getenv() may be dangerous in
setugid programs.)

-- 
David A. Holland
dholland%netbsd.org@localhost
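
An added example, not part of the original message or of NetBSD's code: one way a setugid program can treat the name derived from argv[0] as untrusted input before it reaches diagnostics or logs. The helper safe_progname(), its allowlist and the fallback name "uudecode" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASCII-only allowlist; avoids locale-dependent <ctype.h> behaviour. */
static int
name_char_ok(unsigned char c)
{
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	    (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/*
 * safe_progname() is a hypothetical helper, not a libc function.
 * argv[0] is chosen by whoever calls execv(2), so it is untrusted:
 * take the basename, replace anything outside the allowlist with '?',
 * truncate to the buffer, and use the compiled-in fallback when
 * argv0 is NULL or leaves nothing usable.
 */
const char *
safe_progname(const char *argv0, const char *fallback, char *buf, size_t buflen)
{
	const char *base, *slash;
	size_t n = 0;

	if (argv0 == NULL || buf == NULL || buflen == 0)
		return fallback;	/* argv may be empty (argc == 0) */

	slash = strrchr(argv0, '/');
	base = (slash != NULL) ? slash + 1 : argv0;

	for (; *base != '\0' && n + 1 < buflen; base++) {
		unsigned char c = (unsigned char)*base;
		buf[n++] = name_char_ok(c) ? (char)c : '?';
	}
	buf[n] = '\0';
	return (n > 0) ? buf : fallback;
}

int
main(int argc, char *argv[])
{
	char name[64];
	const char *pn = safe_progname(argc > 0 ? argv[0] : NULL,
	    "uudecode", name, sizeof(name));

	/* Fixed format string; the name is only ever an argument. */
	fprintf(stderr, "%s: example diagnostic\n", pn);
	return 0;
}
```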

