This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH v2 0/3] posix: Execute file function fixes
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, libc-alpha at sourceware dot org
- Date: Fri, 19 Feb 2016 15:26:19 -0800
- Subject: Re: [PATCH v2 0/3] posix: Execute file function fixes
- Authentication-results: sourceware.org; auth=none
- References: <1455905134-21014-1-git-send-email-adhemerval dot zanella at linaro dot org> <56C75FE3 dot 2030606 at cs dot ucla dot edu> <alpine dot DEB dot 2 dot 10 dot 1602192308420 dot 4533 at digraph dot polyomino dot org dot uk>
On 02/19/2016 03:11 PM, Joseph Myers wrote:
> This is a case where, as noted in
> <https://sourceware.org/ml/libc-alpha/2016-02/msg00044.html>, the stack
> usage is proportional to the number of arguments passed by the caller -
> that is, it's something determined statically at compile time, not under
> the control of an attacker.
True, and that removes most of my objection to the change to execl,
execle, and execlp. This limitation should be documented, though. (I
still like the idea of reusing the stack and removing the limitation,
but that's lower priority.)
However, the objection remains for posix_spawn and posix_spawnp, where
the number of arguments is not determined statically. Luckily these two
functions do not need to be async-signal-safe, so they can call malloc
when there are too many arguments.
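
The stack-versus-malloc trade-off discussed in this message, as an added example that is not part of the original mail and is not glibc code. It assumes the function has to rebuild the argument vector with a shell path prepended (the message does not say what the stack is used for); `run_via_shell`, `run_fn`, `count_entries`, `demo` and the `STACK_ARGS` threshold are hypothetical names and values.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define STACK_ARGS 64  /* constructed threshold, not a glibc constant */

/* Hypothetical stand-in for the final execve(): receives the rebuilt vector. */
typedef int (*run_fn)(char *const argv[]);

/* Build { shell, file, argv[1], ..., NULL } and hand it to run().
   Small vectors use a fixed stack array; larger ones go to the heap, so
   stack use never scales with a caller-controlled argument count.
   *used_heap reports the path taken. Returns run()'s result, or -1. */
int run_via_shell(const char *shell, const char *file, char *const argv[],
                  run_fn run, int *used_heap)
{
    size_t argc = 0;
    while (argv[argc] != NULL)
        argc++;
    /* Slots needed: shell + file + argv[1..argc-1] + terminating NULL. */
    size_t need = (argc > 0 ? argc - 1 : 0) + 3;
    char *onstack[STACK_ARGS];
    char **vec = onstack;

    *used_heap = need > STACK_ARGS;
    if (*used_heap) {
        if (need > SIZE_MAX / sizeof *vec) { errno = E2BIG; return -1; }
        vec = malloc(need * sizeof *vec);
        if (vec == NULL) return -1;  /* malloc leaves errno = ENOMEM */
    }
    size_t n = 0;
    vec[n++] = (char *)shell;
    vec[n++] = (char *)file;
    for (size_t i = 1; i < argc; i++)
        vec[n++] = argv[i];
    vec[n] = NULL;
    int rc = run(vec);
    if (*used_heap) free(vec);
    return rc;
}

/* Sample callback: counts entries instead of executing anything. */
int count_entries(char *const argv[]) { int n = 0; while (argv[n]) n++; return n; }

/* Constructed input: an argv holding n copies of "x". */
int demo(size_t n, int *used_heap)
{
    char **argv = calloc(n + 1, sizeof *argv);
    if (argv == NULL) return -1;
    for (size_t i = 0; i < n; i++) argv[i] = "x";
    int rc = run_via_shell("/bin/sh", "script", argv, count_entries, used_heap);
    free(argv);
    return rc;
}
```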