Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Mar 2018 12:01:40 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: No fallback to /bin/sh in execvp

On Fri, Mar 09, 2018 at 12:23:06PM +0000, Siebenborn, Axel wrote:
> Hi,
> 
> I encountered a problem with execvp with musl.
> Trying to execute shell scripts without #! fails with ENOEXEC.
> However, according to the standard, execvp should fallback to execute the file using /bin/sh.
> 
> A simple test:
> 
> Create a  script file 'prog'  without '!#' with the following content and make it executable:
> 
> /bin/echo "$@" 
> 
> Compile and run the following c-program:
> 
> #include <unistd.h>
> #include <stdio.h>
> #include <string.h>
> #include <errno.h>
> 
> int main (){
>   int ret;
>   char *cmd[] = { "./prog","Hello", "World", (char *)0 };
>   ret = execvp ("./prog", cmd);
>   int errorNumber = errno;
>   printf("Error code: %d. Error message: %s\n", errorNumber, strerror(errorNumber));
> }
> 
> With musl the execution results in the following error:
> 
> Error code: 8. Error message: Exec format error
> 
> With glibs 'Hello world' is printed.
> 
> Is this a bug, that will be fixed someday or intended behavior for security reasons.
> 
> I think it's a quiet a strange way to execute shell commands. However, some ancient code might rely on this 
> and compatibility wins over sanity,

It's a bug, but one that was considered low priority since real-world
usage is for scripts to start with #!, in which case the kernel
handles invocation. Actually doing what the standard requires here
seems hard since we'd need to allocate storage for the new argv...

Rich

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ