From 283d98512272a12cb84e7798c23edbdf1adb287d Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Wed, 6 Jun 2018 14:07:34 -0300 Subject: posix: Fix posix_spawnp to not execute invalid binaries in non compat mode (BZ#23264) Current posix_spawnp implementation wrongly tries to execute invalid binaries (for instance script without shebang) as a shell script in non compat mode. It was a regression introduced by 9ff72da471a509a8c19791efe469f47fa6977410 when __spawni started to use __execvpe instead of __execve (glibc __execvpe try to execute ENOEXEC as shell script regardless). This patch fixes it by using an internal symbol (__execvpex) with the faulty semantic (since compat mode is handled by spawni.c itself). It was reported by Daniel Drake on libc-help [1]. Checked on x86_64-linux-gnu and i686-linux-gnu. [BZ #23264] * include/unistd.h (__execvpex): New prototype. * posix/Makefile (tests): Add tst-spawn4. (tests-internal): Add tst-spawn4-compat. * posix/execvpe.c (__execvpe_common, __execvpex): New functions. * posix/tst-spawn4-compat.c: New file. * posix/tst-spawn4.c: Likewise. * sysdeps/unix/sysv/linux/spawni.c (__spawni): Do not interpret invalid binaries as shell scripts. * sysdeps/posix/spawni.c (__spawni): Likewise. [1] https://sourceware.org/ml/libc-help/2018-06/msg00012.html --- posix/execvpe.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'posix/execvpe.c') diff --git a/posix/execvpe.c b/posix/execvpe.c index 859c0f6..ea67d19 100644 --- a/posix/execvpe.c +++ b/posix/execvpe.c @@ -67,11 +67,9 @@ maybe_script_execute (const char *file, char *const argv[], char *const envp[]) __execve (new_argv[0], new_argv, envp); } - -/* Execute FILE, searching in the `PATH' environment variable if it contains - no slashes, with arguments ARGV and environment from ENVP. */ -int -__execvpe (const char *file, char *const argv[], char *const envp[]) +static int +__execvpe_common (const char *file, char *const argv[], char *const envp[], + bool exec_script) { /* We check the simple case first. */ if (*file == '\0') @@ -85,7 +83,7 @@ __execvpe (const char *file, char *const argv[], char *const envp[]) { __execve (file, argv, envp); - if (errno == ENOEXEC) + if (errno == ENOEXEC && exec_script) maybe_script_execute (file, argv, envp); return -1; @@ -137,7 +135,7 @@ __execvpe (const char *file, char *const argv[], char *const envp[]) __execve (buffer, argv, envp); - if (errno == ENOEXEC) + if (errno == ENOEXEC && exec_script) /* This has O(P*C) behavior, where P is the length of the path and C is the argument count. A better strategy would be allocate the substitute argv and reuse it each time through the loop (so it @@ -184,4 +182,18 @@ __execvpe (const char *file, char *const argv[], char *const envp[]) return -1; } +/* Execute FILE, searching in the `PATH' environment variable if it contains + no slashes, with arguments ARGV and environment from ENVP. */ +int +__execvpe (const char *file, char *const argv[], char *const envp[]) +{ + return __execvpe_common (file, argv, envp, true); +} weak_alias (__execvpe, execvpe) + +/* Same as __EXECVPE, but does not try to execute NOEXEC files. */ +int +__execvpex (const char *file, char *const argv[], char *const envp[]) +{ + return __execvpe_common (file, argv, envp, false); +} -- cgit v1.1