Re: collectargs behaviour on argc==0

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: collectargs behaviour on argc==0
From: Roberto Ierusalimschy <roberto@...>
Date: 2022年1月27日 12:40:54 -0300

> lua.c collectargs seems to assume that argv has at least one element
> (the binary's name, by convention). As people have recently
> (re)discovered, some OSes (e.g. Linux) don't guarantee that [0] which
> enables up some attack vectors [1]. I don't think many people run
> standalone Lua setuid, but you might want to check for this anyway for
> correctness.
Many thanks for the report.
-- Roberto

References:
- collectargs behaviour on argc==0, Sergey Zakharchenko

Prev by Date: collectargs behaviour on argc==0
Next by Date: Re: collectargs behaviour on argc==0
Previous by thread: collectargs behaviour on argc==0
Next by thread: Re: collectargs behaviour on argc==0
Index(es):
- Date
- Thread