[PATCH v3 04/27] adduser: replace BB_EXECLP call with BB_EXECVP
Nadav Tasher
tashernadav at gmail.com
Wed Jan 29 09:06:22 UTC 2025
On Wed, Jan 29, 2025 at 04:58:59PM +0800, Kang-Che Sung wrote:
> On Wed, Jan 29, 2025 at 7:47 AM Nadav Tasher <tashernadav at gmail.com> wrote:
> >
> > So, in summary, I need one of the following:
> > 1. Guarentee that anything BB_EXECVPE does is not going to affect argv[],
> > since some of them are defined as string literals, and those can be in .rodata.
> > 2. Change all of the argv initializations to result in char ** without casts.
> >
> > I think it would be easier to implement (1), since making a copy of argv[] is
> > quite easy, but I must agree that implementing (2) is the right way to go.
> >
> > What do you suggest I do?
> > Should I use xstrdup to duplicate literals?
> >
>
> How about making string buffers on the call stack directly instead of
> allocating them on the heap? Saving all the trouble where the
> allocation on the heap can fail?
> Of course, with some user-supplied arguments you might need to
> strdup() them. My idea is when the argument strings are almost fixed,
> declare them this way to keep thing simple:
>
> char new_arg0[] = "passwd";
> char new_arg1[] = "--";
> char *new_argv[] = {new_arg0, new_arg1, login_name, NULL};
That sounds like a good solution.
I'll implement that for the next revision.
Thanks!
More information about the busybox
mailing list