public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "eblake at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug libc/28519] New: system and popen should pass "--" between /bin/sh and argument Date: Fri, 29 Oct 2021 21:41:51 +0000 [thread overview] Message-ID: <bug-28519-131@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=28519 Bug ID: 28519 Summary: system and popen should pass "--" between /bin/sh and argument Product: glibc Version: 2.35 Status: NEW Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: eblake at redhat dot com CC: drepper.fsp at gmail dot com Target Milestone: --- The POSIX developers recently learned that if system() and popen() are required to NOT use "--", there are some cases where a user string is interpreted as shell options instead of the command to execute (namely, if the user string starts with '-' or '+'): https://austingroupbugs.net/view.php?id=1440 https://mail-index.netbsd.org/current-users/2021/10/29/msg041629.html is an interesting read on the topic, as well, including a very simple test case that proves that glibc is not yet handling things right for system() (assuming you do not have a trojan horse executable "-f" on your $PATH): $ ed ! -f sh: line 1: -f: command not found ! !-f sh: -c: option requires an argument ! q Whether or not the POSIX folks actually require "--" in the Issue 8 revision of POSIX (or defer it to Issue 9 because of complaints that it's not standard behavior yet), glibc really should fix its implementation to pass "--" now. If nothing else, the more implementations have correct behavior now, the easier it will be for POSIX to say it is standard behavior for Issue 8. Modulo testsuite additions (and maybe also fixing wordexp(), it may be as simple as: diff --git i/libio/iopopen.c w/libio/iopopen.c index 0266d19870..8d8cd1382c 100644 --- i/libio/iopopen.c +++ w/libio/iopopen.c @@ -85,7 +85,7 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command, } if (__posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, 0, - (char *const[]){ (char*) "sh", (char*) "-c", + (char *const[]){ (char*) "sh", (char*) "-c", (char*) "--", (char *) command, NULL }, __environ) != 0) return false; diff --git i/sysdeps/posix/system.c w/sysdeps/posix/system.c index 48668fb392..42e839aa9d 100644 --- i/sysdeps/posix/system.c +++ w/sysdeps/posix/system.c @@ -147,6 +147,7 @@ do_system (const char *line) ret = __posix_spawn (&pid, SHELL_PATH, 0, &spawn_attr, (char *const[]){ (char *) SHELL_NAME, (char *) "-c", + (char *) "--", (char *) line, NULL }, __environ); __posix_spawnattr_destroy (&spawn_attr); -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2021-10-29 21:41 UTC|newest] Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-29 21:41 eblake at redhat dot com [this message] 2021-10-30 8:44 ` [Bug libc/28519] " rjones at redhat dot com 2023-03-28 14:00 ` adhemerval.zanella at linaro dot org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-28519-131@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).