This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.27.9000-446-g283d985
- From: azanella at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 8 Jun 2018 20:30:58 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.27.9000-446-g283d985
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 283d98512272a12cb84e7798c23edbdf1adb287d (commit)
from 67c0579669ba1fc265d770252fab31babf887329 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=283d98512272a12cb84e7798c23edbdf1adb287d
commit 283d98512272a12cb84e7798c23edbdf1adb287d
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Jun 6 14:07:34 2018 -0300
posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (BZ#23264)
Current posix_spawnp implementation wrongly tries to execute invalid
binaries (for instance script without shebang) as a shell script in
non compat mode. It was a regression introduced by
9ff72da471a509a8c19791efe469f47fa6977410 when __spawni started to use
__execvpe instead of __execve (glibc __execvpe try to execute ENOEXEC
as shell script regardless).
This patch fixes it by using an internal symbol (__execvpex) with the
faulty semantic (since compat mode is handled by spawni.c itself).
It was reported by Daniel Drake on libc-help [1].
Checked on x86_64-linux-gnu and i686-linux-gnu.
[BZ #23264]
* include/unistd.h (__execvpex): New prototype.
* posix/Makefile (tests): Add tst-spawn4.
(tests-internal): Add tst-spawn4-compat.
* posix/execvpe.c (__execvpe_common, __execvpex): New functions.
* posix/tst-spawn4-compat.c: New file.
* posix/tst-spawn4.c: Likewise.
* sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid
binaries as shell scripts.
* sysdeps/posix/spawni.c (__spawni): Likewise.
[1] https://sourceware.org/ml/libc-help/2018-06/msg00012.html
diff --git a/ChangeLog b/ChangeLog
index 73b2595..94830c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2018-06-08 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ [BZ #23264]
+ * include/unistd.h (__execvpex): New prototype.
+ * posix/Makefile (tests): Add tst-spawn4.
+ (tests-internal): Add tst-spawn4-compat.
+ * posix/execvpe.c (__execvpe_common, __execvpex): New functions.
+ * posix/tst-spawn4-compat.c: New file.
+ * posix/tst-spawn4.c: Likewise.
+ * sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid
+ binaries as shell scripts.
+ * sysdeps/posix/spawni.c (__spawni): Likewise.
+
2018-06-08 H.J. Lu <hongjiu.lu@intel.com>
[BZ #23145]
diff --git a/include/unistd.h b/include/unistd.h
index 0f91b8b..a171b00 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -77,6 +77,8 @@ extern char *__getcwd (char *__buf, size_t __size) attribute_hidden;
extern int __rmdir (const char *__path) attribute_hidden;
extern int __execvpe (const char *file, char *const argv[],
char *const envp[]) attribute_hidden;
+extern int __execvpex (const char *file, char *const argv[],
+ char *const envp[]) attribute_hidden;
/* Get the canonical absolute name of the named directory, and put it in SIZE
bytes of BUF. Returns NULL if the directory couldn't be determined or
diff --git a/posix/Makefile b/posix/Makefile
index e9730ee..4a9a1b5 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -95,10 +95,10 @@ tests := test-errno tstgetopt testfnm runtests runptests \
tst-posix_spawn-fd tst-posix_spawn-setsid \
tst-posix_fadvise tst-posix_fadvise64 \
tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \
- tst-glob-tilde test-ssize-max
+ tst-glob-tilde test-ssize-max tst-spawn4
tests-internal := bug-regex5 bug-regex20 bug-regex33 \
tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3 \
- tst-glob_lstat_compat
+ tst-glob_lstat_compat tst-spawn4-compat
xtests := bug-ga2 tst-getaddrinfo4 tst-getaddrinfo5
ifeq (yes,$(build-shared))
test-srcs := globtest
diff --git a/posix/execvpe.c b/posix/execvpe.c
index 859c0f6..ea67d19 100644
--- a/posix/execvpe.c
+++ b/posix/execvpe.c
@@ -67,11 +67,9 @@ maybe_script_execute (const char *file, char *const argv[], char *const envp[])
__execve (new_argv[0], new_argv, envp);
}
-
-/* Execute FILE, searching in the `PATH' environment variable if it contains
- no slashes, with arguments ARGV and environment from ENVP. */
-int
-__execvpe (const char *file, char *const argv[], char *const envp[])
+static int
+__execvpe_common (const char *file, char *const argv[], char *const envp[],
+ bool exec_script)
{
/* We check the simple case first. */
if (*file == '\0')
@@ -85,7 +83,7 @@ __execvpe (const char *file, char *const argv[], char *const envp[])
{
__execve (file, argv, envp);
- if (errno == ENOEXEC)
+ if (errno == ENOEXEC && exec_script)
maybe_script_execute (file, argv, envp);
return -1;
@@ -137,7 +135,7 @@ __execvpe (const char *file, char *const argv[], char *const envp[])
__execve (buffer, argv, envp);
- if (errno == ENOEXEC)
+ if (errno == ENOEXEC && exec_script)
/* This has O(P*C) behavior, where P is the length of the path and C
is the argument count. A better strategy would be allocate the
substitute argv and reuse it each time through the loop (so it
@@ -184,4 +182,18 @@ __execvpe (const char *file, char *const argv[], char *const envp[])
return -1;
}
+/* Execute FILE, searching in the `PATH' environment variable if it contains
+ no slashes, with arguments ARGV and environment from ENVP. */
+int
+__execvpe (const char *file, char *const argv[], char *const envp[])
+{
+ return __execvpe_common (file, argv, envp, true);
+}
weak_alias (__execvpe, execvpe)
+
+/* Same as __EXECVPE, but does not try to execute NOEXEC files. */
+int
+__execvpex (const char *file, char *const argv[], char *const envp[])
+{
+ return __execvpe_common (file, argv, envp, false);
+}
diff --git a/posix/tst-spawn4-compat.c b/posix/tst-spawn4-compat.c
new file mode 100644
index 0000000..11f654b
--- /dev/null
+++ b/posix/tst-spawn4-compat.c
@@ -0,0 +1,77 @@
+/* Check if posix_spawn does handle correctly ENOEXEC files.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <spawn.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <support/xunistd.h>
+#include <support/check.h>
+#include <support/temp_file.h>
+
+#include <shlib-compat.h>
+#if TEST_COMPAT (libc, GLIBC_2_0, GLIBC_2_15)
+
+compat_symbol_reference (libc, posix_spawn, posix_spawn, GLIBC_2_2);
+compat_symbol_reference (libc, posix_spawnp, posix_spawnp, GLIBC_2_2);
+
+static int
+do_test (void)
+{
+ char *scriptname;
+ int fd = create_temp_file ("tst-spawn4.", &scriptname);
+ TEST_VERIFY_EXIT (fd >= 0);
+
+ const char script[] = "exit 65";
+ xwrite (fd, script, sizeof (script) - 1);
+ xclose (fd);
+
+ TEST_VERIFY_EXIT (chmod (scriptname, 0x775) == 0);
+
+ pid_t pid;
+ int status;
+
+ /* For compat symbol it verifies that trying to issued a shell script
+ without a shebang is correctly executed. */
+ status = posix_spawn (&pid, scriptname, NULL, NULL, (char *[]) { 0 },
+ (char *[]) { 0 });
+ TEST_VERIFY_EXIT (status == 0);
+
+ TEST_VERIFY_EXIT (waitpid (pid, &status, 0) == pid);
+ TEST_VERIFY_EXIT (WIFEXITED (status) == 1 && WEXITSTATUS (status) == 65);
+
+ status = posix_spawnp (&pid, scriptname, NULL, NULL, (char *[]) { 0 },
+ (char *[]) { 0 });
+ TEST_VERIFY_EXIT (status == 0);
+
+ TEST_VERIFY_EXIT (waitpid (pid, &status, 0) == pid);
+ TEST_VERIFY_EXIT (WIFEXITED (status) == 1 && WEXITSTATUS (status) == 65);
+
+ return 0;
+}
+#else
+static int
+do_test (void)
+{
+ return 77;
+}
+#endif
+
+#include <support/test-driver.c>
diff --git a/posix/tst-spawn4.c b/posix/tst-spawn4.c
new file mode 100644
index 0000000..e4a1fa3
--- /dev/null
+++ b/posix/tst-spawn4.c
@@ -0,0 +1,56 @@
+/* Check if posix_spawn does handle correctly ENOEXEC files.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <spawn.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include <support/xunistd.h>
+#include <support/check.h>
+#include <support/temp_file.h>
+
+static int
+do_test (void)
+{
+ char *scriptname;
+ int fd = create_temp_file ("tst-spawn4.", &scriptname);
+ TEST_VERIFY_EXIT (fd >= 0);
+
+ const char script[] = "echo it should not happen";
+ xwrite (fd, script, sizeof (script) - 1);
+ xclose (fd);
+
+ TEST_VERIFY_EXIT (chmod (scriptname, 0x775) == 0);
+
+ pid_t pid;
+ int status;
+
+ /* Check if scripts without shebang are correctly not executed. */
+ status = posix_spawn (&pid, scriptname, NULL, NULL, (char *[]) { 0 },
+ (char *[]) { 0 });
+ TEST_VERIFY_EXIT (status == ENOEXEC);
+
+ status = posix_spawnp (&pid, scriptname, NULL, NULL, (char *[]) { 0 },
+ (char *[]) { 0 });
+ TEST_VERIFY_EXIT (status == ENOEXEC);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/sysdeps/posix/spawni.c b/sysdeps/posix/spawni.c
index 36bb5b4..b138ab4 100644
--- a/sysdeps/posix/spawni.c
+++ b/sysdeps/posix/spawni.c
@@ -310,6 +310,8 @@ __spawni (pid_t * pid, const char *file,
const posix_spawnattr_t * attrp, char *const argv[],
char *const envp[], int xflags)
{
+ /* It uses __execvpex to avoid run ENOEXEC in non compatibility mode (it
+ will be handled by maybe_script_execute). */
return __spawnix (pid, file, acts, attrp, argv, envp, xflags,
- xflags & SPAWN_XFLAGS_USE_PATH ? __execvpe : __execve);
+ xflags & SPAWN_XFLAGS_USE_PATH ? __execvpex : __execve);
}
diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
index 0391b9b..cf0213e 100644
--- a/sysdeps/unix/sysv/linux/spawni.c
+++ b/sysdeps/unix/sysv/linux/spawni.c
@@ -404,6 +404,8 @@ __spawni (pid_t * pid, const char *file,
const posix_spawnattr_t * attrp, char *const argv[],
char *const envp[], int xflags)
{
+ /* It uses __execvpex to avoid run ENOEXEC in non compatibility mode (it
+ will be handled by maybe_script_execute). */
return __spawnix (pid, file, acts, attrp, argv, envp, xflags,
- xflags & SPAWN_XFLAGS_USE_PATH ? __execvpe : __execve);
+ xflags & SPAWN_XFLAGS_USE_PATH ? __execvpex :__execve);
}
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 13 ++++
include/unistd.h | 2 +
posix/Makefile | 4 +-
posix/execvpe.c | 26 ++++++--
posix/tst-spawn4-compat.c | 77 ++++++++++++++++++++++++++
signal/tst-sigaction.c => posix/tst-spawn4.c | 54 +++++++++---------
sysdeps/posix/spawni.c | 4 +-
sysdeps/unix/sysv/linux/spawni.c | 4 +-
8 files changed, 146 insertions(+), 38 deletions(-)
create mode 100644 posix/tst-spawn4-compat.c
copy signal/tst-sigaction.c => posix/tst-spawn4.c (51%)
hooks/post-receive
--
GNU C Library master sources