Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Commit 2a6a3d2c authored Jan 27, 2022 by Konrad Borowski

nixos/wrappers: require argc to be at least one

setuid applications were exploited in the past with an empty
argv, such as pkexec using CVE-2021-4034.

parent 1009d6e7

nixos/modules/security/wrappers/wrapper.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -170,6 +170,7 @@ int readlink_malloc(const char p, char *ret) {
		}

		int main(int argc, char **argv) {
		ASSERT(argc >= 1);
		char *self_path = NULL;
		int self_path_size = readlink_malloc("/proc/self/exe", &self_path);
		if (self_path_size < 0) {

Admin message