From: Eric Blake <eblake@redhat.com>
To: Bruno Haible <bruno@clisp.org>, cygwin@cygwin.com
Subject: Re: posix_spawn facility
Date: Mon, 31 Jul 2023 13:58:20 -0500 [thread overview]
Message-ID: <xop64tmb4ijtfr62nrrsn4dzmpk4cvaru53tuarvmijsvqhyil@5ozkz7zhfz4x> (raw)
In-Reply-To: <xsn3qmrcprucviwtwoehm5hfgna5nogttqgud3ut6t2craprjp@6u5dgtopjfig>
Following up on an older thread:
On Tue, Apr 18, 2023 at 03:49:20PM -0500, Eric Blake wrote:
> The glibc bug points to the sample posix_spawn() implementation in
> POSIX XRAT - but that example implementation is non-normative and
> known buggy, so it is not safe to rely on it.
>
> Clarifying the wording in XRAT to explicitly mention that the example
> is NOT bullet-proof (and that implementations should do better) is
> probably worthwhile; I'll tackle that bug report.
>
> >
> > Second, the rational section in POSIX explains posix_spawn and
> > posix_spawnp, but it does *not* actually provide an example
> > implementation of posix_spawnp, only of posix_spawn.
>
> POSIX is silent as to whether posix_spawnp() has to fall back to 'sh'
> on ENOEXEC failure. The p suffix is indeed similar to execvp() (which
> DOES require a fallback to sh), but it could also just mean a
> PATH-search, and not the PATH-search-and-sh-fallback of execvp(). As
> we now have implementations in the wild that differ in behavior, and
> use security as a reason for the divergence, it is worth getting that
> clarified in POSIX. I'll file a bug against POSIX shortly, and reply
> again once it is up.
>
> My personal preference: sh fallback on ENOEXEC is useful in execvp(),
> but a bear to get right (see
> https://www.austingroupbugs.net/view.php?id=1645 where POSIX has a bug
> in requiring argv[0] to be the script's filename, which breaks busybox
> sh and is NOT what glibc does; meanwhile, musl intentionally does NOT
> do the sh fallback), so NOT doing it in posix_spawnp() would be
> reasonable; but we'll have to see what the rest of the Austin Group
> says.
...
>
> Yeah, it appears that POSIX is (accidentally) silent on whether
> posix_spawnp() has to do the sh fallback on ENOEXEC; but it seems
> quite reasonable that posix_spawn() being more like execle() must NOT
> do a sh fallback.
The Austin Group finally visited the topic today; result is that in
the next version of POSIX, it will be explicit that neither
posix_spawn() nor posix_spawnp() are allowed to attempt sh fallback
(instead, they must fail with ENOEXEC if detected in the parent, or
with status 127 if after creating the child).
https://austingroupbugs.net/view.php?id=1674#c6411
Yes, it's odd that ENOEXEC normally equates to status 126, but does
not do so for posix_spawn(). If you want to add an extention
POSIX_SPAWN flag (for use in posix_spawnattr_setflags()) to further
tweak things as an extension to the standard, that would probably be
reasonable, but without implementations already implementing and
relying on such extension flags, the Austin Group did not want to
visit that topic today.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization: qemu.org | libguestfs.org
next prev parent reply other threads:[~2023-07-31 18:58 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-16 11:46 Bruno Haible
2023-04-17 9:18 ` Corinna Vinschen
2023-04-17 18:44 ` Bruno Haible
2023-04-18 9:25 ` Corinna Vinschen
2023-04-18 20:49 ` Eric Blake
2023-04-18 21:00 ` Corinna Vinschen
2023-04-18 22:10 ` Bruno Haible
2023-04-19 2:39 ` Eric Blake
2023-04-19 8:19 ` Corinna Vinschen
2023-04-19 11:56 ` Bruno Haible
2023-04-20 6:52 ` Csaba Raduly
2023-07-31 18:58 ` Eric Blake [this message]
2023-07-31 19:12 ` Corinna Vinschen
2023-04-19 8:24 ` Corinna Vinschen
2023-04-19 11:24 ` posix_spawn_file_actions_add[f]chdir_np Bruno Haible
2023-04-19 15:05 ` posix_spawn_file_actions_add[f]chdir_np Corinna Vinschen
2023-04-19 19:13 ` posix_spawn_file_actions_add[f]chdir_np Corinna Vinschen
2023-04-19 21:33 ` posix_spawn_file_actions_add[f]chdir_np Eliot Moss
2023-04-20 10:27 ` posix_spawn_file_actions_add[f]chdir_np Bruno Haible
2023-04-19 10:48 ` posix_spawn facility Bruno Haible
2023-04-20 7:14 ` gs-cygwin.com
2023-04-20 8:35 ` Corinna Vinschen
2023-04-20 10:18 ` Bruno Haible
2023-04-20 14:21 ` Corinna Vinschen
2023-04-20 14:40 ` Corinna Vinschen
2023-04-20 14:58 ` Bruno Haible
2023-04-20 15:40 ` Corinna Vinschen
2023-04-20 18:46 ` gs-cygwin.com
2023-04-20 18:40 ` gs-cygwin.com
2023-04-20 19:31 ` Bruno Haible
2023-04-20 20:00 ` gs-cygwin.com
2023-05-10 9:15 ` gs-cygwin.com
2023-04-20 18:04 ` gs-cygwin.com
2023-05-10 8:59 ` gs-cygwin.com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xop64tmb4ijtfr62nrrsn4dzmpk4cvaru53tuarvmijsvqhyil@5ozkz7zhfz4x \
--to=eblake@redhat.com \
--cc=bruno@clisp.org \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).