coreutils: Protect against env -a for security by oech3 · Pull Request #10773 · uutils/coreutils

oech3 · 2026-02-06T18:18:53Z

env -a false ls does not fail. Works under masked /proc.
Closes #10135

github-actions · 2026-02-06T18:53:12Z

GNU testsuite comparison:

Skip an intermittent issue tests/tty/tty-eof (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/usage_vs_getopt (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/shuf/shuf-reservoir (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/sort/sort-stale-thread-mem (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/basenc/bounded-memory is now being skipped but was previously passing.

github-actions · 2026-02-07T08:03:06Z

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)

codspeed-hq · 2026-02-07T17:34:51Z

Merging this PR will not alter performance

✅ 309 untouched benchmarks
⏩ 46 skipped benchmarks¹

_{Comparing oech3:auxval (84e2ec0) with main (7920971)}

46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

github-actions · 2026-02-08T16:59:29Z

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/pr/bounded-memory is no longer failing!

ChrisDryden · 2026-02-08T20:50:51Z

I think it would make sense for this code to go into the validation.rs file instead of in the main.rs, then you don't have to worry about importing libc.

It would be good to have an additional integration test that shows the env -a working

github-actions · 2026-02-08T22:13:02Z

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

github-actions · 2026-02-09T08:49:03Z

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)
Congrats! The gnu test tests/tail/tail-n0f is now passing!

github-actions · 2026-02-09T12:36:54Z

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

github-actions · 2026-02-09T16:13:04Z

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/pr/bounded-memory. tests/pr/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/tail/tail-n0f is now passing!

github-actions · 2026-02-11T12:14:23Z

GNU testsuite comparison:

GNU test failed: tests/env/env. tests/env/env is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/tail/follow-name (passes in this run but fails in the 'main' branch)

github-actions · 2026-03-12T17:19:50Z

GNU testsuite comparison:

GNU test failed: tests/misc/io-errors. tests/misc/io-errors is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/date/date-locale-hour (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/cut/cut-huge-range is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/tail/tail-n0f is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

github-actions · 2026-03-13T06:11:07Z

GNU testsuite comparison:

Skip an intermittent issue tests/date/resolution (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/pr/bounded-memory (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com>

github-actions · 2026-03-14T13:02:37Z

GNU testsuite comparison:

Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/dd/no-allocate is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

oech3 · 2026-03-21T10:46:29Z

is this ok?

oech3 · 2026-03-26T07:05:26Z

@Ecordonnier ok?

Cargo.toml

github-actions · 2026-03-31T06:41:36Z

GNU testsuite comparison:

Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/pr/bounded-memory (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/tail/symlink (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

Ecordonnier · 2026-04-04T22:46:28Z

@Ecordonnier ok?

yes, sorry for the delay

Ecordonnier · 2026-04-04T23:06:05Z

Btw, this is not only a security fix. For instance there is a bug in Cursor which is packaged using AppImage:

The integrated terminal of cursor starts uutils-coreutils with a wrong value of arv[0]. See https://forum.cursor.com/t/argv-0-is-replaced-with-cursor-bin-appimage/44878

This is explained here:
https://github.com/AppImage/AppImageKit/wiki/Creating-AppImages/cc2441518975caca23e9ce2dba6f08a22c678d1e :

AppImages of type-2 sets the file name to ARGV0. This can cause problems in applications running zsh as a child process. In such applications, you need to create your own AppRun and unset ARGV0.

So this PR should fix this issue.

oech3 · 2026-04-05T01:34:23Z

I think AppImage should support AT_EXECFN instead, but fixing it at here is not too bad.

oech3 · 2026-04-05T01:46:35Z

@Ecordonnier Can we mix raw and libc backends or directly use raw's execfn function? We might switch to libc backend for LD_PRELOAD GnuTests.

This prevents an attacker from spoofing argv[0] to bypass apparmor restrictions. - `env -a false ls` now correctly runs `ls` instead of dispatching as `false` - Also works under masked `/proc` (does not rely on /proc/self/exe). Closes uutils#10135

Ecordonnier · 2026-04-06T21:02:33Z

@Ecordonnier Can we mix raw and libc backends or directly use raw's execfn function? We might switch to libc backend for LD_PRELOAD GnuTests.

I think we can mix if there is a functional need for it. Maybe we should add a test verifying that the program name can't be spoofed using LD_PRELOAD and intercepting libc getauxval().

oech3 · 2026-04-06T21:08:18Z

I don't know about AppArmor, but is LD_PRELOAD still allowed.
Also I wanted to know how to

directly use raw's execfn

instead of getting permission to do that.

Ecordonnier · 2026-04-06T21:28:30Z

Apparmor does not prevent the usage of LD_PRELOAD.

"Also I wanted to know how to

directly use raw's execfn"

What do you mean? The rustix code shows how the linux syscall is used.

oech3 · 2026-04-06T21:30:27Z

something like rustix::raw::param::linux_execfn() or rustix::use-libc::param::linux_execfn()

Ecordonnier · 2026-04-06T21:35:19Z

something like rustix::raw::param::linux_execfn() or rustix::use-libc::param::linux_execfn()

Oh ok, I understand what you mean. I'm not sure that the crate exposes those functions directly. Normally the backend is selected via configuration.

oech3 · 2026-04-06T21:37:54Z

maybe, by removing workspace = true? Binary size might terrible.

oech3 marked this pull request as ready for review February 6, 2026 19:18

oech3 force-pushed the auxval branch 3 times, most recently from 01b6655 to 753f86c Compare February 7, 2026 07:47

oech3 force-pushed the auxval branch from 753f86c to 94ee016 Compare February 7, 2026 16:20

oech3 force-pushed the auxval branch 2 times, most recently from 59e307c to ac75ff7 Compare February 8, 2026 15:58

This comment was marked as resolved.

Sign in to view

This comment was marked as outdated.

Sign in to view

This comment was marked as resolved.

Sign in to view

oech3 force-pushed the auxval branch 3 times, most recently from 1337cbc to 40581ee Compare February 8, 2026 21:47

oech3 force-pushed the auxval branch 2 times, most recently from a5dd042 to 526f6fc Compare February 9, 2026 08:32

oech3 force-pushed the auxval branch from 526f6fc to 9d6a743 Compare February 9, 2026 12:27

oech3 force-pushed the auxval branch from 9d6a743 to 3f57dd7 Compare February 9, 2026 16:04

oech3 mentioned this pull request Feb 9, 2026

test_env: Make argv0 tests compatible with Ubuntu patch #10834

Merged

oech3 marked this pull request as draft February 9, 2026 16:40

oech3 mentioned this pull request Feb 15, 2026

coreutils: Resolve symlink with invalid binary name for better dummy support #10946

Open

oech3 force-pushed the auxval branch from 0c8b3c6 to 3b4ab62 Compare March 12, 2026 17:11

oech3 force-pushed the auxval branch from 3b4ab62 to 029284d Compare March 13, 2026 05:58

coreutils: Protect against env -a for security

2d60946

Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com>

oech3 force-pushed the auxval branch 2 times, most recently from c54b52f to 2d60946 Compare March 14, 2026 12:52

oech3 requested a review from Ecordonnier March 14, 2026 13:20

sylvestre reviewed Mar 26, 2026

View reviewed changes

Cargo.toml Show resolved Hide resolved

Merge branch 'main' into auxval

35c821a

oech3 mentioned this pull request Apr 1, 2026

stdbuf cannot use libstdbuf on the same directory if /proc is masked #11134

Open

Merge branch 'main' into auxval

84e2ec0

Ecordonnier merged commit b6c5dd1 into uutils:main Apr 4, 2026
170 checks passed

oech3 deleted the auxval branch April 5, 2026 01:32

moonfruit mentioned this pull request Apr 7, 2026

uutils-selected 0.8.0 moonfruit/homebrew-tap#518

Closed

Uh oh!

Conversation

oech3 commented Feb 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 6, 2026

Uh oh!

github-actions bot commented Feb 7, 2026

Uh oh!

codspeed-hq bot commented Feb 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merging this PR will not alter performance

Footnotes

Uh oh!

github-actions bot commented Feb 8, 2026

Uh oh!

ChrisDryden commented Feb 8, 2026

Uh oh!

This comment was marked as resolved.

This comment was marked as outdated.

This comment was marked as resolved.

github-actions bot commented Feb 8, 2026

Uh oh!

github-actions bot commented Feb 9, 2026

Uh oh!

github-actions bot commented Feb 9, 2026

Uh oh!

github-actions bot commented Feb 9, 2026

Uh oh!

github-actions bot commented Feb 11, 2026

Uh oh!

github-actions bot commented Mar 12, 2026

Uh oh!

github-actions bot commented Mar 13, 2026

Uh oh!

github-actions bot commented Mar 14, 2026

Uh oh!

oech3 commented Mar 21, 2026

Uh oh!

oech3 commented Mar 26, 2026

Uh oh!

Uh oh!

github-actions bot commented Mar 31, 2026

Uh oh!

Uh oh!

Ecordonnier commented Apr 4, 2026

Uh oh!

Ecordonnier commented Apr 4, 2026

Uh oh!

oech3 commented Apr 5, 2026

Uh oh!

oech3 commented Apr 5, 2026

Uh oh!

Ecordonnier commented Apr 6, 2026

Uh oh!

oech3 commented Apr 6, 2026

Uh oh!

Ecordonnier commented Apr 6, 2026

Uh oh!

oech3 commented Apr 6, 2026

Uh oh!

Ecordonnier commented Apr 6, 2026

Uh oh!

oech3 commented Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

oech3 commented Feb 6, 2026 •

edited

Loading

codspeed-hq bot commented Feb 7, 2026 •

edited

Loading