From: "eblake at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/28519] New: system and popen should pass "--" between /bin/sh and argument
Date: Fri, 29 Oct 2021 21:41:51 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28519

            Bug ID: 28519
           Summary: system and popen should pass "--" between /bin/sh and argument
           Product: glibc
           Version: 2.35
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: eblake at redhat dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

The POSIX developers recently learned that if system() and popen() are required
to NOT use "--", there are some cases where a user string is interpreted as
shell options instead of the command to execute (namely, if the user string
starts with '-' or '+'):
https://austingroupbugs.net/view.php?id=1440

https://mail-index.netbsd.org/current-users/2021/10/29/msg041629.html is an
interesting read on the topic, as well, including a very simple test
case that proves that glibc is not yet handling things right for system()
(assuming you do not have a trojan horse executable "-f" on your $PATH):

$ ed
! -f
sh: line 1: -f: command not found
!
!-f
sh: -c: option requires an argument
!
q

Whether or not the POSIX folks actually require "--" in the Issue 8 revision of
POSIX (or defer it to Issue 9 because of complaints that it's not standard
behavior yet), glibc really should fix its implementation to pass "--" now.  If
nothing else, the more implementations have correct behavior now, the easier it
will be for POSIX to say it is standard behavior for Issue 8.

Modulo testsuite additions (and maybe also fixing wordexp()), it may be as
simple as:

diff --git i/libio/iopopen.c w/libio/iopopen.c index 0266d19870..8d8cd1382c 100644 --- i/libio/iopopen.c +++ w/libio/iopopen.c @@ -85,7 +85,7 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command, } if (__posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, 0, - (char *const[]){ (char*) "sh", (char*) "-c", + (char *const[]){ (char*) "sh", (char*) "-c", (char*) "= --", (char *) command, NULL }, __environ) !=3D 0) return false; diff --git i/sysdeps/posix/system.c w/sysdeps/posix/system.c index 48668fb392..42e839aa9d 100644 --- i/sysdeps/posix/system.c +++ w/sysdeps/posix/system.c @@ -147,6 +147,7 @@ do_system (const char *line) ret =3D __posix_spawn (&pid, SHELL_PATH, 0, &spawn_attr, (char *const[]){ (char *) SHELL_NAME, (char *) "-c", + (char *) "--", (char *) line, NULL }, __environ); __posix_spawnattr_destroy (&spawn_attr);
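
Review bot: In the libio/iopopen.c hunk, the new (char*) "--" element is appended to the same line as "sh" and "-c" with no comment explaining it, while the sysdeps/posix/system.c hunk gives it a line of its own. Put it on a separate line here too and add a short comment that it ends option parsing, so that a command starting with '-' or '+' is not taken as sh options; without the comment a later cleanup could drop the element as redundant.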
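
Review bot: The do_system hunk in sysdeps/posix/system.c adds "--" without a test, and the popen hunk has none either. The ed reproducer in the report maps directly to a regression test: system ("-f") and popen ("-f", "r") should end with the shell reporting that the command was not found, not with an option-parsing error. The report also names wordexp() as a possible further caller; it is not touched here, so either cover it in the same series or state in the commit message that it is deferred.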
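
The ed reproducer from the report, as an added C example that is not part of the original message or of glibc: it spawns /bin/sh with the two argument vectors being compared and returns the shell's exit status. The names run_sh and example_env and the PATH=/nonexistent environment are assumptions made for the example, so that "-f" cannot resolve to a real executable.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed environment (assumption of this example): an empty search
   path, so a command named "-f" is never found while the example runs.  */
static char *const example_env[] = { (char *) "PATH=/nonexistent", NULL };

/* Run "sh -c [--] COMMAND" and return the shell's exit status, or -1 if
   the shell could not be spawned or did not exit normally.  */
int
run_sh (const char *command, int use_dashdash)
{
  char *argv[5];
  size_t n = 0;
  argv[n++] = (char *) "sh";
  argv[n++] = (char *) "-c";
  if (use_dashdash)
    argv[n++] = (char *) "--";	/* End of options; next word is the command.  */
  argv[n++] = (char *) command;
  argv[n] = NULL;

  pid_t pid;
  if (posix_spawn (&pid, "/bin/sh", NULL, NULL, argv, example_env) != 0)
    return -1;

  int status;
  while (waitpid (pid, &status, 0) < 0)
    if (errno != EINTR)
      return -1;
  return WIFEXITED (status) ? WEXITSTATUS (status) : -1;
}

int
main (void)
{
  /* Without "--" the string "-f" is consumed as a shell option and -c is
     left without a command; with "--" it is looked up as a command.  */
  printf ("sh -c -f      -> %d\n", run_sh ("-f", 0));
  printf ("sh -c -- -f   -> %d\n", run_sh ("-f", 1));
  return 0;
}
```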