
> None of the weird arg[0] examples can happen on the shell (without escaping), only when using system calls.

  $ help exec
  [...]
  Options:
    -a name pass NAME as the zeroth argument to COMMAND

Even in shell, you can explicitly specify the argv[0] when running an executable.


Not in all shells, but in some, exec is a pass-through to the system call …

Bash is a language, so again we are telling the stream to do something silly and calling it out as a security problem.

The issue is not arg[0] but uninformed expectations on how these systems work.

Relying on the program/command name for security and not the executable path is a bug.

Furthermore, if a bad actor has enough access to run exec, you probably are in a bad way.

The whole post also seems to not understand that both Windows and Linux have ways to change this display after the executable is running, via SetConsoleTitle and prctl, or by simply modifying arg[0] directly.
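An added example, not part of the thread or written by any commenter: a Linux-only check that compares the name a process claims in argv[0] with the binary behind `/proc/<pid>/exe`, using a child started the way `exec -a NAME` would start it. The function names, the `backup-agent` name and the use of `sleep` are assumptions made for the illustration.

```python
import os
import shutil
import subprocess

def read_claims(pid):
    """Return (argv0, comm, exe) for a Linux PID, read from /proc."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        argv0 = f.read().split(b"\0")[0].decode(errors="replace")
    with open(f"/proc/{pid}/comm") as f:
        comm = f.read().rstrip("\n")       # settable by the process (prctl PR_SET_NAME)
    exe = os.readlink(f"/proc/{pid}/exe")  # kernel's link to the binary that was exec'd
    return argv0, comm, exe

def name_mismatch(argv0, exe):
    """True when argv[0] does not name the binary behind /proc/<pid>/exe."""
    if exe.endswith(" (deleted)"):         # binary unlinked after the process started
        exe = exe[: -len(" (deleted)")]
    name = argv0.lstrip("-")               # login shells run as "-bash"
    if os.path.isabs(name):
        return os.path.realpath(name) != os.path.realpath(exe)
    # Bare or relative name: compare basenames. Symlinked multi-call binaries
    # (busybox-style) also land here, so treat a hit as a lead, not a verdict.
    return os.path.basename(name) != os.path.basename(exe)

def spawn_spoofed(fake_argv0, seconds="30"):
    """Start sleep with a caller-chosen argv[0], like `exec -a NAME sleep 30`."""
    sleep_path = shutil.which("sleep")     # assumes a standalone sleep binary on PATH
    return subprocess.Popen([fake_argv0, seconds], executable=sleep_path)

def demo():
    child = spawn_spoofed("backup-agent")  # constructed name for the illustration
    try:
        argv0, comm, exe = read_claims(child.pid)
        return argv0, comm, exe, name_mismatch(argv0, exe)
    finally:
        child.kill()
        child.wait()

if __name__ == "__main__":
    print(demo())
```

The check only compares names taken at one moment; a process that rewrites its own argv[0] later is caught the same way, because the `exe` link does not follow that change.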



