public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
From: "eblake at redhat dot com" <sourceware-bugzilla@sourceware.org> To: glibc-bugs@sourceware.org Subject: [Bug libc/30262] New: execvp() disobeys POSIX requirement on preserving $0 to script Date: Wed, 22 Mar 2023 20:35:07 +0000 [thread overview] Message-ID: <bug-30262-131@http.sourceware.org/bugzilla/> (raw) https://sourceware.org/bugzilla/show_bug.cgi?id=30262 Bug ID: 30262 Summary: execvp() disobeys POSIX requirement on preserving $0 to script Product: glibc Version: 2.39 Status: NEW Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: eblake at redhat dot com CC: drepper.fsp at gmail dot com Target Milestone: --- Ever since glibc first implemented ENOEXEC fallback to the shell execution of a script (see commits 6a032d81 and a1c46301bb back in 1996), it has passed "/bin/sh" (well, _PATH_BSHELL) as the argv[0] of the new shell process, which loses out on the original argv[0] of the exec[lv]p() caller. Current POSIX wording says this is wrong; and in fact, FreeBSD updated their libc in 2020 to fix the same compliance bug: https://cgit.freebsd.org/src/commit/?id=301cb491ea and since they didn't get a lot of complaints, at least the BSD world didn't have too many scripts where the change in $0 from "sh" to the original filename in an ENOEXEC fallback mattered in practice. However, I will also point out that passing argv[0] unchanged breaks busybox sh (see https://bugs.busybox.net/show_bug.cgi?id=15481). If the intent is to provide a known $0 to the shell script, the as-if rule may let us get by with other means for passing "sh" as argv[0] to the shell but still giving the shell enough information to set $0. The as-if rule might let us use ("/bin/sh", "sh", "-c", ". quoted_filename", argv[0], ...) or ("/bin/sh", "sh", "-c", "exec -a \"$0\" quoted_filename \"$@\"", argv[0], ...) if we want to avoid breaking systems where /bin/sh is busybox, but still get $0 set to the POSIX-mandated name. (The former has issues on sh where . parses files as a compound_command rather than a program - yes, the difference is observable when it comes to alias handling; the latter has problems on sh where 'exec -a' is not implemented, since POSIX doesn't mandate it). I've opened a bug with the Austin Group seeing if they will relax the standard to allow our behavior of passing "sh" rather than arg0 when hitting the ENOEXEC fallback (note that because of kernel handling of #! lines, and most scripts being installed with a shebang, it is surprisingly rare that glibc even sees ENOEXEC in the first place): https://www.austingroupbugs.net/view.php?id=1645 It's probably worth waiting for the Austin Group conversation to settle before we decide which change (if any) is needed, given that unlike the FreeBSD world, we really do risk breaking systems where /bin/sh is from busybox. -- You are receiving this mail because: You are on the CC list for the bug.
next reply other threads:[~2023-03-22 20:35 UTC|newest] Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-03-22 20:35 eblake at redhat dot com [this message] 2023-03-23 1:03 ` [Bug libc/30262] " gabravier at gmail dot com 2023-05-12 15:17 ` eblake at redhat dot com
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-30262-131@http.sourceware.org/bugzilla/ \ --to=sourceware-bugzilla@sourceware.org \ --cc=glibc-bugs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).