Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Oct 2021 01:11:43 -0500
From: Rob Landley <rob@...dley.net>
To: enh <enh@...gle.com>
Cc: Rich Felker <dalias@...c.org>,
 austin-group-l <austin-group-l@...ngroup.org>, libc-coord@...ts.openwall.com
Subject: Re: Posix issue 8 pending change to system().

On 10/21/21 6:38 PM, enh wrote:
> On Thu, Oct 21, 2021 at 10:56 AM Rob Landley wrote:
> 
> > I was on the posix call today, and they have a bug:
> >
> >   https://austingroupbugs.net/view.php?id=1440
> >
> > Where system("-blah") fails because sh is insane legacy weirdness and it turns
> > out that -c does NOT take an argument. So:
> >
> >   sh -c -i "echo hello"
> >
> > Works, which that means "sh -c -potato" tries to parse -potato as an option, and
> > fails.
> >
> > The suggested fix is to change system() so that instead of {"sh", "-c", command,
> > NULL} it does {"sh", "-c", "--", command, NULL} instead, but that can't go into
> > an issue 7 tc because it's a behavior change which means it would go into issue
> > 8. (Which they're working on now.)
> >
> > But they can't standardize a new feature without a "commitment to implement it"
> > by at least one package maintainer, so I thought I'd give you guys a shout.
> > Looks trivial to implement in both codebases? Dash and android's shell both work
> > with --...
> >
> > The minutes of the meeting aren't posted to the mailing list yet but they're on
> > https://posix.rhansen.org/p/2021-10-21 for now. This part's at the bottom.
> >
> > Rob
> > it's unclear whether anyone's actually hit this in practice? and even if they
> had, their portable workaround would be to prefix with "exec "?
>
> maybe try libc-coord@...ts.openwall.com and see if there's any consensus that
> this is worth the potential trouble? i'm worried that someone is
> _deliberately_ using this to pass extra flags to the shell, which wouldn't
> have a workaround if we did make this change :-(

Pinging you and Rich was my attempt at that, but if there's a dedicated list...

Rob

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.