A NOTE has been added to this issue. ====================================================================== https://austingroupbugs.net/view.php?id=1435 ====================================================================== Reported By: zackw Assigned To: ====================================================================== Project: 1003.1(2016/18)/Issue7+TC2 Issue ID: 1435 Category: System Interfaces Type: Error Severity: Objection Priority: normal Status: New Name: Zack Weinberg Organization: GNU User Reference: Section: exec Page Number: (unknown) Line Number: (unknown) Interp Status: --- Final Accepted Text: ====================================================================== Date Submitted: 2020-12-15 14:50 UTC Last Modified: 2020-12-15 15:22 UTC ====================================================================== Summary: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC ======================================================================
---------------------------------------------------------------------- (0005173) geoffclare (manager) - 2020-12-15 15:22 https://austingroupbugs.net/view.php?id=1435#c5173 ---------------------------------------------------------------------- There is no point changing execlp() and execvp() as there are many other ways that a shell can be invoked to try to execute such a file (e.g. system(), popen(), or just interactive use of a shell). The right place to deal with the issue is in the shell, and this was done in bug https://austingroupbugs.net/view.php?id=1226. However, looking again at 1226 I see that there are two occurrences of the text that it fixes, and it only fixes one of them. Since that bug has already been applied, we should use this new bug as an opportunity to fix the other one. On page 2368 line 75615 section 2.9.1.1, change:<blockquote>If the executable file is not a text file, the shell may bypass this command execution. In this case, it shall write an error message, and shall return an exit status of 126.</blockquote>to:<blockquote>The shell may apply a heuristic check to determine if the file to be executed could be a script and may bypass this command execution if it determines that the file cannot be a script. In this case, it shall write an error message, and shall return an exit status of 126. <small><b>Note:</b> A common heuristic for rejecting files that cannot be a script is locating a NUL byte prior to a <newline> byte within a fixed-length prefix of the file. Since sh is required to accept input files with unlimited line lengths, the heuristic check cannot be based on line length.</small></blockquote> Issue History Date Modified Username Field Change ====================================================================== 2020-12-15 14:50 zackw New Issue 2020-12-15 14:50 zackw Name => Zack Weinberg 2020-12-15 14:50 zackw Organization => GNU 2020-12-15 14:50 zackw Section => exec 2020-12-15 14:50 zackw Page Number => (unknown) 2020-12-15 14:50 zackw Line Number => (unknown) 2020-12-15 15:22 geoffclare Note Added: 0005173 ======================================================================