Hi Eric,

On Apr 18 15:49, Eric Blake via Cygwin wrote:
> On Tue, Apr 18, 2023 at 11:25:11AM +0200, Corinna Vinschen via Cygwin wrote:
> Jumping in to this conversation a bit belatedly, but as someone on the
> Austin Group that can try to get an answer upstream...

Many thanks for your input, it's highly appreciated.

> > Second, the rationale section in POSIX explains posix_spawn and
> > posix_spawnp, but it does *not* actually provide an example
> > implementation of posix_spawnp, only of posix_spawn.
> 
> POSIX is silent as to whether posix_spawnp() has to fall back to 'sh'
> on ENOEXEC failure.  The p suffix is indeed similar to execvp() (which
> DOES require a fallback to sh), but it could also just mean a
> PATH-search, and not the PATH-search-and-sh-fallback of execvp().  As
> we now have implementations in the wild that differ in behavior, and
> use security as a reason for the divergence, it is worth getting that
> clarified in POSIX.  I'll file a bug against POSIX shortly, and reply
> again once it is up.
> 
> My personal preference: sh fallback on ENOEXEC is useful in execvp(),
> but a bear to get right (see
> https://www.austingroupbugs.net/view.php?id=1645 where POSIX has a bug
> in requiring argv[0] to be the script's filename, which breaks busybox
> sh and is NOT what glibc does; meanwhile, musl intentionally does NOT
> do the sh fallback), so NOT doing it in posix_spawnp() would be
> reasonable; but we'll have to see what the rest of the Austin Group
> says.

My point here is mostly directed to this gnulib testcase.  It tests
posix_spawnp in terms of an undefined behaviour, and if it doesn't
behave in a certain way, it's deemed insecure.

I strongly doubt that this is the right thing to do.

That doesn't mean I'm refusing to change Cygwin to be aligned to
the behaviour of glibc or, even more important, to POSIX.

But the testcase *is* questionable.


> > Has anybody attempted to ask the Austin group to define this behaviour
> > in posix_spawnp more concisely?  Is there a protocol from the Austin
> > group?  If not, wouldn't it be time to ask the Austin group?
> 
> Doing that now ;)

Thanks a lot!


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
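
Added example, not part of the original message and not the gnulib testcase: a small probe that reports whether the local libc's posix_spawnp() falls back to sh when the target is an executable text file without a "#!" line, which is the behaviour the thread says POSIX leaves unspecified. The temp-file name, the "exit 7" script body and the helper names are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;
enum { PROBE_ERROR = -1, NO_FALLBACK = 0, SH_FALLBACK = 1 };

/* Constructed sample: an executable text file with no "#!" line, so a
 * plain execve() of it fails with ENOEXEC. */
static int make_script(char *path) {
    static const char body[] = "exit 7\n";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = write(fd, body, sizeof body - 1) == (ssize_t)(sizeof body - 1)
             && fchmod(fd, 0700) == 0;
    return (close(fd) == 0 && ok) ? 0 : -1;  /* closed before exec: no ETXTBSY */
}

/* Turn posix_spawnp()'s return value and the child's wait status into a verdict. */
static int classify(int spawn_rc, int wstatus) {
    if (spawn_rc == ENOEXEC) return NO_FALLBACK;         /* error reported to caller */
    if (spawn_rc != 0 || !WIFEXITED(wstatus)) return PROBE_ERROR;
    if (WEXITSTATUS(wstatus) == 7) return SH_FALLBACK;   /* sh interpreted "exit 7" */
    if (WEXITSTATUS(wstatus) == 127) return NO_FALLBACK; /* exec failed in the child */
    return PROBE_ERROR;
}

static int probe_spawnp(void) {
    char path[] = "/tmp/spawnp_probe_XXXXXX";            /* hypothetical name */
    char *argv[] = { path, NULL };
    pid_t pid;
    int wstatus = 0;
    if (make_script(path) != 0) return PROBE_ERROR;
    int rc = posix_spawnp(&pid, path, NULL, NULL, argv, environ);
    if (rc == 0 && waitpid(pid, &wstatus, 0) != pid) rc = ECHILD;
    unlink(path);
    return classify(rc, wstatus);
}

int main(void) {
    static const char *msg[] = { "no sh fallback", "sh fallback ran the script" };
    int v = probe_spawnp();
    puts(v < 0 ? "probe failed" : msg[v]);
    return v < 0;
}
```

Status 127 is what POSIX specifies when the spawn fails only after posix_spawnp() has already returned, so the probe treats it the same as a direct ENOEXEC return.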
