On Fri, Jun 13, 2003, Shaul Karl wrote about "Command line limit for an arbitrary program?":
> 1. What is the limit for strlen(argv[1]) and where is it set?

On Unix, command line arguments are passed from the running program to the executable which is going to replace it, with an execve() system call (or one of its variants). These arguments are saved in a special location (later to be given to the C program as an "argv" array) and their total length (not the length of each individual argument) is limited by the kernel.

Actually, it's slightly more complicated: the environment-variables are also passed in the same way (and given to C programs as a third "envp" variable that very few people are aware of), and this also takes part of the limited size (if I remember correctly).

Anyway, if you look at the execve(2) manual, you'll see that execve() (or the other exec variants) will fail with E2BIG error if the argument list is too long. What exactly the limit is isn't specified in the manual, so you need to either experiment (easy! see if you can write a simple C program to check it out) or to look at the kernel sources to figure out this limit.

From a quick glance on the kernel include files (unfortunately I'm not an expert enough on the Linux kernel to give you an authoritative answer) I see that 32 pages are allocated for arguments. At 4K per page, that comes out to a limit of 131072 bytes for the arguments + environment.

Exercise: verify this limit and report back to the group!

> 2. What will happen in case it is passed a longer argument? Assuming
> root permissions, will it allow an exploit?

exec*() will fail and return E2BIG. I've never heard of any way to exploit such a problem, but if a program tries to run another program and doesn't check for exec() errors and goes on doing weird things, I guess anything is possible... I recommend you always follow exec() with _exit() !

> 3. Is there a compilation or another constant for this length?

Maybe modifying binfmts.h (MAX_ARG_PAGES) or limits.h (ARG_MAX) in the kernel sources and recompiling the kernel will change this limit.
Exercise: verify this by trying, or by looking at where these constants are actually used inside the kernel.

-- 
Nadav Har'El                        | Friday, Jun 13 2003, 13 Sivan 5763
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Only dead fish go with the flow.
http://nadav.harel.org.il           |
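
One way to run the experiment the reply suggests, as an added example that is not part of the original message: it forks, execs a shell with a single argument of a given length, and binary-searches for the largest length the kernel accepts, with the child calling _exit() as soon as exec fails. The /bin/sh path, the 126/127 exit codes and the function names try_exec and max_arg_len are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run "/bin/sh -c : <arg>" in a child, <arg> being len bytes long.
 * Returns 0 if exec worked, E2BIG if the kernel refused the argument
 * list, -1 on any other failure. The /bin/sh path is an assumption. */
int try_exec(size_t len)
{
    char *arg = malloc(len + 1);
    if (arg == NULL) return -1;
    memset(arg, 'A', len);
    arg[len] = '\0';
    char *argv[] = { "sh", "-c", ":", arg, NULL };
    pid_t pid = fork();
    if (pid == 0) {
        execv("/bin/sh", argv);
        /* Reached only when exec failed: report errno through the exit
         * status and leave at once with _exit(), as the post advises. */
        _exit(errno == E2BIG ? 126 : 127);
    }
    free(arg);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 126)
        return E2BIG;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

/* Largest accepted length below hi, by binary search (hi must be rejected). */
size_t max_arg_len(size_t hi)
{
    size_t lo = 0;
    while (hi - lo > 1) {
        size_t mid = lo + (hi - lo) / 2;
        if (try_exec(mid) == 0) lo = mid; else hi = mid;
    }
    return lo;
}

int main(void)
{
    printf("largest accepted argv string: %zu bytes\n", max_arg_len(8u << 20));
    return 0;
}
```

The number printed describes only the kernel and environment the program runs under, since the environment variables are passed along with the arguments.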