Date:      Mon, 14 Oct 1996 07:00:03 -0700 (PDT)
From:      Tor Egge <Tor.Egge@idt.ntnu.no>
To:        freebsd-bugs
Subject:   Re: misc/1791: syslimits.h does not allow overriding default value of ARG_MAX
Message-ID:  <199610141400.HAA28691@freefall.freebsd.org>

The following reply was made to PR misc/1791; it has been noted by GNATS.

From: Tor Egge <Tor.Egge@idt.ntnu.no>
To: bde@zeta.org.au
Cc: FreeBSD-gnats-submit@freebsd.org, tegge@itea.ntnu.no
Subject: Re: misc/1791: syslimits.h does not allow overriding default value of ARG_MAX
Date: Mon, 14 Oct 1996 15:33:36 +0200

 > >	It is not possible to specify an alternative value of ARG_MAX
 > >	in the kernel config file, since /usr/src/sys/sys/syslimits.h 
 > >	defines ARG_MAX even if it was defined.
 > 
 > This isn't a bug.  Defining ARG_MAX in <limits.h> advertises to
 > applications that ARG_MAX is a constant with the given value.  The
 > only correct way to change it is to change the header and recompile
 > all applications that depend on it (ps, xargs and who-knows-what
 > else).
 > 
 > The best way to fix the problem is to remove the definition of
 > ARG_MAX from <limits.h> and then fix everything that (bogusly)
 > depends on it.
 > 
 
 Correct.
 
 A short grep for ARG_MAX in the non-kernel part of the FreeBSD source tree
 shows only a few occurrences:
 
 ./bin/ps/fmt.c: static char buf[ARG_MAX];               /* XXX */
 ./contrib/gcc/config/i386/xm-sco.h:/* SCO has a very small ARG_MAX.  */
 ./contrib/gcc/config/i386/xm-sysv4.h:/* Univel, at least, has a small ARG_MAX.  Defining this is harmless
 ./contrib/gcc/gcc.c:   only important to return 0 if the host machine has a small ARG_MAX
 ./usr.bin/xargs/xargs.c:         * POSIX.2 limits the exec line length to ARG_MAX - 2K.  Running that
 ./usr.bin/xargs/xargs.c:         * caused some E2BIG errors, so it was changed to ARG_MAX - 4K.  Given
 ./usr.bin/xargs/xargs.c:         *       (ARG_MAX - 4K - LENGTH(utility + arguments)) / 2.
 ./usr.bin/xargs/xargs.c:        nline = ARG_MAX - 4 * 1024;
 
 
 Only the ps and xargs parts are interesting. 
 
 ps is already broken, e.g. compile this program and run it in the
 background, then run ps with xwww as arguments while this program is
 still running. Immediate buffer overflow in shquote due to the buffer
 being only ARG_MAX in size, instead of 4*ARG_MAX+1. 
 
 
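 	#include <sys/types.h>
 	#include <stdio.h>
 	#include <string.h>	/* strcpy, memset, strlen */
 	#include <unistd.h>	/* execl */
 	#include <vis.h>
 	#include <errno.h>

 	int main(int argc, char **argv)
 	{
 	  char arg[30000];
 	  char arg2[600000];
 	
 	  /* Command line: a short command followed by \201 bytes in a comment. */
 	  strcpy(arg, "sleep 10 # ");
 	  memset(arg + strlen(arg), '\201', sizeof(arg) - strlen(arg));
 	  arg[sizeof(arg) - 1] = 0;
 	 
 	  /* Show how long the same string becomes once vis-encoded. */
 	  strvis(arg2, arg, VIS_NL | VIS_CSTYLE);
 	  printf("len is %zu\n", strlen(arg2));
 	  execl("/bin/sh", "sh", "-c", arg, (char *)NULL);
 	  printf("FAILED, errno=%d\n", errno);	/* reached only if execl fails */
 	  return 1;
 	}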
 
 
 xargs having a too low (i.e. too conservative) value for ARG_MAX does not
 normally cause any problems. It only reduces performance.
 
 - Tor Egge
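
The bounded form of the encoding step behind the ps overflow described above, as an added example that is not part of the original message or of FreeBSD's ps. `bounded_vis` and `vis_alloc` are hypothetical names, and the encoder is a simplified stand-in for strvis(3) that emits only octal escapes; the buffer is sized from the input length (4*n+1) and the argument limit is read with sysconf(_SC_ARG_MAX) instead of the compile-time ARG_MAX.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Simplified stand-in for strvis(3) (assumption: octal escapes only).
 * Returns the encoded length, or (size_t)-1 if dst cannot hold the result. */
size_t bounded_vis(char *dst, size_t dstsize, const char *src, size_t n)
{
    size_t o = 0;
    if (dstsize == 0)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = (c >= 0x20 && c < 0x7f && c != '\\') ? 1 : 4;
        if (need + 1 > dstsize - o)      /* always keep room for the NUL */
            return (size_t)-1;
        if (need == 1)
            dst[o] = (char)c;
        else
            snprintf(dst + o, 5, "\\%03o", (unsigned)c);
        o += need;
    }
    dst[o] = '\0';
    return o;
}

/* Size the buffer from the real input length: worst case is 4 output bytes
 * per input byte plus the NUL. Returns NULL on overflow or allocation failure. */
char *vis_alloc(const char *src, size_t n, size_t *outlen)
{
    char *dst = (n <= (SIZE_MAX - 1) / 4) ? malloc(4 * n + 1) : NULL;
    if (dst != NULL)
        *outlen = bounded_vis(dst, 4 * n + 1, src, n);
    return dst;
}

int main(void)
{
    static char arg[30000];              /* constructed sample input */
    size_t len = 0;
    memset(arg, 0x81, sizeof(arg));      /* byte value used by the reproducer */
    char *enc = vis_alloc(arg, sizeof(arg), &len);
    /* The limit comes from the running kernel, not a compile-time constant. */
    printf("kernel ARG_MAX %ld; %zu input bytes encode to %zu\n",
           sysconf(_SC_ARG_MAX), sizeof(arg), enc ? len : (size_t)0);
    free(enc);
    return 0;
}
```

On failure `bounded_vis` leaves `dst` without a terminating NUL, so callers must check the return value before using the buffer.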


