From: Bruno Haible
Subject: posix_spawn[p]: Don't execute scripts without '#!' marker through /bin/sh
Date: Thu, 24 Dec 2020 07:01:55 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-197-generic; KDE/5.18.0; x86_64; ; )

The posix_spawn implementation in gnulib comes from glibc as of 2008.
But in 2011 an important change was done in glibc: Remove the ability
to specify a script that does not start with a '#!' marker as executable.
Previously this file was /_assumed_/ to be a shell script.

Here are 3 patches:
  - Change gnulib's posix_spawn to match what glibc does.
  - Add unit tests.
  - Fix the resulting test failures on many platforms (from GNU/Hurd [1] to
    Solaris 11).

[1] https://lists.gnu.org/archive/html/bug-hurd/2020-12/msg00071.html

2020-12-23  Bruno Haible  <bruno@clisp.org>

	posix_spawn, posix_spawnp: Fix execution of scripts.
	* m4/posix_spawn.m4 (gl_POSIX_SPAWN_SECURE): New macro.
	(gl_POSIX_SPAWN_BODY): Invoke it. Set REPLACE_POSIX_SPAWN if posix_spawn
	or posix_spawnp allows unsecure execution of scripts.
	* doc/posix-functions/posix_spawn.texi: Document the script execution
	problem.
	* doc/posix-functions/posix_spawnp.texi: Likewise.

2020-12-23  Bruno Haible  <bruno@clisp.org>

	Add unit tests regarding execution of scripts.
	* tests/executable-script: New file.
	* tests/executable-shell-script: New file.
	* tests/test-posix_spawn-script.c: New file.
	* tests/test-posix_spawnp-script.c: New file.
	* tests/test-execute-script.c: New file.
	* tests/test-spawn-pipe-script.c: New file.
	* modules/posix_spawn-tests (Files): Add
	tests/test-posix_spawn-script.c, tests/executable-script,
	tests/executable-shell-script.
	(Makefile.am): Compile and run test-posix_spawn-script.
	* modules/posix_spawnp-tests (Files): Add
	tests/test-posix_spawnp-script.c, tests/executable-script,
	tests/executable-shell-script.
	(Makefile.am): Compile and run test-posix_spawnp-script.
	* modules/execute-tests (Files): Add tests/test-execute-script.c,
	tests/executable-script, tests/executable-shell-script.
	(Makefile.am): Compile and run test-execute-script.
	* modules/spawn-pipe-tests (Files): Add tests/test-spawn-pipe-script.c,
	tests/executable-script, tests/executable-shell-script.
	(Makefile.am): Compile and run test-spawn-pipe-script.

2020-12-23  Bruno Haible  <bruno@clisp.org>

	Don't execute scripts without '#!' marker through /bin/sh.
	This reflects the change done in glibc through
	<https://sourceware.org/bugzilla/show_bug.cgi?id=13134> and
	<https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d96de9634a334af16c0ac711074c15ac1762b23c>.
	* lib/spawni.c (internal_function): Remove macro.
	(script_execute): Remove function.
	(__spawni): Don't invoke script_execute.
	* lib/execute.c (execute): Disable the ENOEXEC handling.
	* lib/spawn-pipe.c (create_pipe): Likewise.
	* NEWS: Mention the change.

Attachment: 0001-Don-t-execute-scripts-without-marker-through-bin-sh.patch (Description: Text Data)
Attachment: 0002-Add-unit-tests-regarding-execution-of-scripts.patch (Description: Text Data)
Attachment: 0003-posix_spawn-posix_spawnp-Fix-execution-of-scripts.patch (Description: Text Data)
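
The behaviour that this change removes can be checked on a given platform with a small probe. The C program below is an added example, not part of the original message and not gnulib or glibc code; the helper name probe_spawn, the temporary path and the exit status 42 are choices made for the example. It reports whether posix_spawn runs an executable file that lacks a '#!' marker.

```c
/* Added example, not gnulib or glibc code. */
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Spawn an executable file containing BODY.
   Returns 1 if the file was run (exit status 42 observed),
   0 if the spawn was refused, -1 if the probe could not be set up. */
int probe_spawn(const char *body)
{
    char path[] = "/tmp/spawn-probe-XXXXXX";   /* hypothetical temp name */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    size_t len = strlen(body);
    int ok = write(fd, body, len) == (ssize_t) len && fchmod(fd, 0700) == 0;
    /* Close before spawning: an open writable fd would cause ETXTBSY. */
    if (close(fd) != 0 || !ok) {
        unlink(path);
        return -1;
    }
    char *argv[] = { path, NULL };
    pid_t pid;
    int status = 0, ran = 0;
    int err = posix_spawn(&pid, path, NULL, NULL, argv, environ);
    if (err == 0) {
        /* Fork-based implementations report exec failure as exit status 127. */
        if (waitpid(pid, &status, 0) != pid) { unlink(path); return -1; }
        ran = WIFEXITED(status) && WEXITSTATUS(status) == 42;
    }
    unlink(path);
    return ran;
}

int main(void)
{
    /* Constructed sample scripts: without and with a '#!' marker. */
    int bare = probe_spawn("exit 42\n");
    int marked = probe_spawn("#!/bin/sh\nexit 42\n");
    printf("without '#!': %d, with '#!': %d (1 = ran, 0 = refused)\n", bare, marked);
    return bare == 1;   /* non-zero exit flags the /bin/sh fallback */
}
```

A result of 1 for the marker-less file means the implementation still hands such files to a shell.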