From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 21355 invoked by alias); 25 Aug 2011 20:46:19 -0000 Received: (qmail 21346 invoked by uid 22791); 25 Aug 2011 20:46:18 -0000 X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 X-Spam-Check-By: sourceware.org Received: from localhost (HELO sourceware.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 25 Aug 2011 20:46:05 +0000 From: "shea at shealevy dot com" To: glibc-bugs@sources.redhat.com Subject: [Bug libc/13134] New: posix_spawn() invokes sh on unknown executable image types Date: Thu, 25 Aug 2011 20:46:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: shea at shealevy dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: drepper.fsp at gmail dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2011-08/txt/msg00097.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=13134 Bug #: 13134 Summary: posix_spawn() invokes sh on unknown executable image types Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: libc AssignedTo: drepper.fsp@gmail.com ReportedBy: shea@shealevy.com Classification: Unclassified The current glibc implementation of posix_spawn() invokes /bin/sh if execve sets errno to ENOEXEC. This is not specified by the POSIX.2004 definition (http://pubs.opengroup.org/onlinepubs/009695399/functions/posix_spawn.html), is different from the behavior of the sample implementation in the POSIX.2004 rationale section (http://pubs.opengroup.org/onlinepubs/009604599/xrat/xsh_chap03.html), and seems to have the same security risks that system() and popen() do in set{u,g}id executables. In particular, the Rationale section says "The effective behavior of a successful invocation of posix_spawn() is as if the operation were implemented with POSIX operations as follows:", which as I've said is followed by an implementation that behaves differently than the glibc posix_spawn(). This appears to be non-compliant behavior. -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.