Comments by "Anony Mousse" (@anon_y_mousse) on "PwnFunction" channel.

  1. This is why if you handle Unicode, you need to actually understand it.
    254
  2. The two biggest problems in computer science, naming things, off by one errors, commas in lists,
    80
  3. I know that we're technically allowed to modify the arguments in this way, and merely changing what argv points to isn't precisely wrong, but this is definitely some bad juju. While it would be less efficient, in this case I think safety should trump efficiency and it'd be better to just copy argv and modify your own copy.
    9
  4.  @ccreutzig  Actually, disregard most of the previous comment too, I was looking at the updated code by mistake, and it does alter argv. However, the problem is that they expected argv[0] to point somewhere that it doesn't, and they didn't properly account for a 0 length argv.
    2
  5.  @szr8  It doesn't modify what shows up in 'ps', just what argv[0] points to. Remember, the array that is argv is on the stack. So everything it points to is considered read-only, but the pointers on the stack are not. You can't change argv[0][0], but you can change argv[0];
    1
  6.  @ccreutzig  Actually, I just had a look at the code in question. Turns out it doesn't modify argv at all. I guess I should pay attention better. Apparently, the whole bug is in calling it with an empty argv, because it skips past argv[0] which when using exec*() like this can be empty. Moral of the story with this code, is don't expect that you're being called with your program name as argv[0]. Though, I stand by my statement that you should never modify argc and argv regardless of what you're doing.
    1