On Linux execve() can be called with a NULL argv, which results inargc being s

1. On Linux execve() can be called with a NULL argv, which results in
2. argc being set to zero and an empty list for argv. Doing so causes the
3. polkit applications to misbehave, for example:
4.  
5.   $ python
6.   >>> import os
7.   >>> os.execve("/usr/bin/pkexec", [], {"FOO":"aaaaaaaaa"})
8.   Cannot run program FOO=aaaaaaaaa: No such file or directory
9.  
10. While this doesn't appear to have an further impact, setuid binaries
11. should be hardened against any possible misuse. Add an explicit check
12. for argc == 0 to all of the polkit applications.
13.  
14. Signed-off-by: Ryan Mallon <rmallon@gmail.com>
15. ---
16.  
17.  src/programs/pkaction.c   |   10 ++++++++++
18.  src/programs/pkcheck.c    |   10 ++++++++++
19.  src/programs/pkexec.c     |   10 ++++++++++
20.  src/programs/pkttyagent.c |   10 ++++++++++
21.  4 files changed, 40 insertions(+)
22.  
23. diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
24. index f17a7dc..1034a82 100644
25. --- a/src/programs/pkaction.c
26. +++ b/src/programs/pkaction.c
27. @@ -121,6 +121,16 @@ main (int argc, char *argv[])
28.    actions = NULL;
29.    ret = 1;
30.  
31. +  /*
32. +   * Linux allows an empty list to be passed for argv. This is a non-standard
33. +   * (mis)feature, so don't allow it.
34. +   */
35. +  if (argc == 0)
36. +    {
37. +      g_printerr("Refusing to accept empty argv\n");
38. +      goto out;
39. +    }
40. +
41.    g_type_init ();
42.  
43.    opt_show_version = FALSE;
44. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
45. index 5781893..c2352e3 100644
46. --- a/src/programs/pkcheck.c
47. +++ b/src/programs/pkcheck.c
48. @@ -362,6 +362,16 @@ main (int argc, char *argv[])
49.    local_agent_handle = NULL;
50.    ret = 126;
51.  
52. +  /*
53. +   * Linux allows an empty list to be passed for argv. This is a non-standard
54. +   * (mis)feature, so don't allow it.
55. +   */
56. +  if (argc == 0)
57. +    {
58. +      g_printerr("Refusing to accept empty argv\n");
59. +      goto out;
60. +    }
61. +
62.    g_type_init ();
63.  
64.    details = polkit_details_new ();
65. diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
66. index a7ca8e0..88363c0 100644
67. --- a/src/programs/pkexec.c
68. +++ b/src/programs/pkexec.c
69. @@ -502,6 +502,16 @@ main (int argc, char *argv[])
70.    opt_user = NULL;
71.    local_agent_handle = NULL;
72.  
73. +  /*
74. +   * Linux allows an empty list to be passed for argv. This is a non-standard
75. +   * (mis)feature, so don't allow it.
76. +   */
77. +  if (argc == 0)
78. +    {
79. +      g_printerr("Refusing to accept empty argv\n");
80. +      goto out;
81. +    }
82. +
83.    /* check for correct invocation */
84.    if (geteuid () != 0)
85.      {
86. diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
87. index 423b728..ed3caa5 100644
88. --- a/src/programs/pkttyagent.c
89. +++ b/src/programs/pkttyagent.c
90. @@ -74,6 +74,16 @@ main (int argc, char *argv[])
91.    guint ret = 126;
92.    GVariantBuilder builder;
93.  
94. +  /*
95. +   * Linux allows an empty list to be passed for argv. This is a non-standard
96. +   * (mis)feature, so don't allow it.
97. +   */
98. +  if (argc == 0)
99. +    {
100. +      g_printerr("Refusing to accept empty argv\n");
101. +      goto out;
102. +    }
103. +
104.    g_type_init ();
105.  
106.    error = NULL;
107. --
108. 1.7.9.7