>From 9042e0456ac72d9333e2d48970c7f2835acfbf79 Mon Sep 17 00:00:00 2001 From: Bruno Haible Date: Wed, 23 Dec 2020 23:58:17 +0100 Subject: [PATCH 1/3] Don't execute scripts without '#!' marker through /bin/sh. This reflects the change done in glibc through and . * lib/spawni.c (internal_function): Remove macro. (script_execute): Remove function. (__spawni): Don't invoke script_execute. * lib/execute.c (execute): Disable the ENOEXEC handling. * lib/spawn-pipe.c (create_pipe): Likewise. * NEWS: Mention the change. --- ChangeLog | 13 +++++++++++++ NEWS | 7 +++++++ lib/execute.c | 2 ++ lib/spawn-pipe.c | 4 ++++ lib/spawni.c | 39 --------------------------------------- 5 files changed, 26 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7d38a83..b0d67da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,18 @@ 2020-12-23 Bruno Haible + Don't execute scripts without '#!' marker through /bin/sh. + This reflects the change done in glibc through + and + . + * lib/spawni.c (internal_function): Remove macro. + (script_execute): Remove function. + (__spawni): Don't invoke script_execute. + * lib/execute.c (execute): Disable the ENOEXEC handling. + * lib/spawn-pipe.c (create_pipe): Likewise. + * NEWS: Mention the change. + +2020-12-23 Bruno Haible + posix_spawn[p]: Fix compilation error on Windows (regr. 2020-12-14). Reported by Adrian Ebeling in . diff --git a/NEWS b/NEWS index 7679be0..c347ecd 100644 --- a/NEWS +++ b/NEWS @@ -60,6 +60,13 @@ User visible incompatible changes Date Modules Changes +2020-12-23 execute These functions no longer execute scripts without + spawn-pipe '#!' marker through /bin/sh. To execute such a + posix_spawn script as a shell script, either add a '#!/bin/sh' + posix_spawnp marker in the first line, or specify "/bin/sh" as + the program to execute and the script as its first + argument. + 2020-12-18 free This module, obsoleted in 2008, is gone. 2020-12-14 findprog-in The function 'find_in_given_path' now takes a 3rd diff --git a/lib/execute.c b/lib/execute.c index 41a2239..38dd07b 100644 --- a/lib/execute.c +++ b/lib/execute.c @@ -191,6 +191,7 @@ execute (const char *progname, exitcode = spawnpvech (P_WAIT, prog_path, argv + 1, (const char * const *) environ, directory, stdin_handle, stdout_handle, stderr_handle); +# if 0 /* Executing arbitrary files as shell scripts is unsecure. */ if (exitcode == -1 && errno == ENOEXEC) { /* prog is not a native executable. Try to execute it as a @@ -201,6 +202,7 @@ execute (const char *progname, (const char * const *) environ, directory, stdin_handle, stdout_handle, stderr_handle); } +# endif } if (exitcode == -1) saved_errno = errno; diff --git a/lib/spawn-pipe.c b/lib/spawn-pipe.c index d483520..aedbcb2 100644 --- a/lib/spawn-pipe.c +++ b/lib/spawn-pipe.c @@ -287,6 +287,7 @@ create_pipe (const char *progname, child = spawnpvech (P_NOWAIT, prog_path, argv + 1, (const char * const *) environ, directory, stdin_handle, stdout_handle, stderr_handle); +# if 0 /* Executing arbitrary files as shell scripts is unsecure. */ if (child == -1 && errno == ENOEXEC) { /* prog is not a native executable. Try to execute it as a @@ -297,6 +298,7 @@ create_pipe (const char *progname, (const char * const *) environ, directory, stdin_handle, stdout_handle, stderr_handle); } +# endif } failed: if (child == -1) @@ -374,6 +376,7 @@ create_pipe (const char *progname, { child = _spawnvpe (P_NOWAIT, prog_path, argv + 1, (const char **) environ); +# if 0 /* Executing arbitrary files as shell scripts is unsecure. */ if (child == -1 && errno == ENOEXEC) { /* prog is not a native executable. Try to execute it as a @@ -382,6 +385,7 @@ create_pipe (const char *progname, child = _spawnvpe (P_NOWAIT, argv[0], argv, (const char **) environ); } +# endif } if (child == -1) saved_errno = errno; diff --git a/lib/spawni.c b/lib/spawni.c index 06d98b4..182d13f 100644 --- a/lib/spawni.c +++ b/lib/spawni.c @@ -75,9 +75,6 @@ # define sigprocmask __sigprocmask # define strchrnul __strchrnul # define vfork __vfork -#else -# undef internal_function -# define internal_function /* empty */ #endif @@ -105,36 +102,6 @@ __spawni (pid_t *pid, const char *file, #else -/* The file is accessible but it is not an executable file. Invoke - the shell to interpret it as a script. */ -static void -internal_function -script_execute (const char *file, const char *const argv[], - const char *const envp[]) -{ - /* Count the arguments. */ - int argc = 0; - while (argv[argc++]) - ; - - /* Construct an argument list for the shell. */ - { - const char **new_argv = - (const char **) alloca ((argc + 1) * sizeof (const char *)); - new_argv[0] = _PATH_BSHELL; - new_argv[1] = file; - while (argc > 1) - { - new_argv[argc] = argv[argc - 1]; - --argc; - } - - /* Execute the shell. */ - execve (new_argv[0], (char * const *) new_argv, (char * const *) envp); - } -} - - /* Spawn a new process executing PATH with the attributes describes in *ATTRP. Before running the process perform the actions described in FILE-ACTIONS. */ int @@ -307,9 +274,6 @@ __spawni (pid_t *pid, const char *file, /* The FILE parameter is actually a path. */ execve (file, (char * const *) argv, (char * const *) envp); - if (errno == ENOEXEC) - script_execute (file, argv, envp); - /* Oh, oh. 'execve' returns. This is bad. */ _exit (SPAWN_ERROR); } @@ -358,9 +322,6 @@ __spawni (pid_t *pid, const char *file, /* Try to execute this name. If it works, execv will not return. */ execve (startp, (char * const *) argv, (char * const *) envp); - if (errno == ENOEXEC) - script_execute (startp, argv, envp); - switch (errno) { case EACCES: -- 2.7.4