Subject: Re: NULL program argument checks?
To: None <tech-security@netbsd.org>
From: None <joerg@britannica.bec.de>
List: tech-security
Date: 04/08/2006 16:43:38

On Fri, Apr 07, 2006 at 09:53:35AM +0900, Curt Sampson wrote:
> On Thu, 6 Apr 2006, Hubert Feyrer wrote:
>
> >I think this only happens if argc isn't consistent with argv[]. Looking at
> >the execl() etc. prototypes, it seems that "something" is calculating argc
> >automatically, and that an inconsistent argc can't be passed in
> >maliciously at least...
>
> If execve doesn't carefully check its arguments, you could pass it an
> argv consisting of ["foo", NULL, "bar"], and that would do it.

NetBSD would violate C99 if it allows that. 5.1.2.2.1, 2(3) explicitly
says: if argc is greater than zero, argv[0] through argv[argc - 1] shall
contain pointers to strings with implementation defined values. I don't
think NULL qualifies as such a string.

Joerg
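
An added example, not part of the original message or of NetBSD's code: a defensive check a program can run at the top of main() to confirm the C99 5.1.2.2.1 invariant cited above, applied to the ["foo", NULL, "bar"] vector from the thread. The function names and the sample vectors are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Measure a NULL-terminated vector: stop at the first NULL pointer. */
static int count_until_null(char *const vec[])
{
    int n = 0;
    while (vec[n] != NULL)
        n++;
    return n;
}

/* Return 1 if (argc, argv) satisfies C99 5.1.2.2.1:
 * argc is nonnegative, argv[0..argc-1] are non-NULL,
 * and argv[argc] is a null pointer. Return 0 otherwise. */
static int argv_is_consistent(int argc, char *const argv[])
{
    if (argc < 0 || argv == NULL)
        return 0;
    for (int i = 0; i < argc; i++)
        if (argv[i] == NULL)
            return 0;
    return argv[argc] == NULL;
}

/* Constructed sample: the vector from the thread, plus its terminator. */
static char *const sample[] = { "foo", NULL, "bar", NULL };
/* Constructed sample: an empty vector (argc == 0 is permitted by C99,
 * so code that reads argv[0] must still check it for NULL). */
static char *const empty[] = { NULL };

int main(int argc, char *argv[])
{
    /* Refuse to continue if the startup environment broke the invariant. */
    if (!argv_is_consistent(argc, argv)) {
        fputs("inconsistent argc/argv\n", stderr);
        return 1;
    }
    printf("own argv consistent, argc=%d\n", argc);
    printf("sample length to first NULL: %d\n", count_until_null(sample));
    printf("sample with argc=3: %d\n", argv_is_consistent(3, sample));
    printf("sample with argc=1: %d\n", argv_is_consistent(1, sample));
    printf("empty with argc=0: %d\n", argv_is_consistent(0, empty));
    return 0;
}
```

With argc taken as the count up to the first NULL, the sample passes the check and "bar" is simply never seen; only a claimed argc of 3 over the same vector fails it.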