2010/3/24 ????? ???????????? <olga.kryzhanovska at gmail.com>:
> Venky, does this issue occur even if you bypass isaexec, i.e.
> #!/usr/bin/i86/ksh -p

Correction:
#!/usr/bin/i86/ksh93 -p

> or
> #!/usr/bin/sparcv0/ksh -p

Correction:
#!/usr/bin/sparcv9/ksh93 -p

>
> Olga
>
> On Fri, Mar 19, 2010 at 4:06 PM, Venky <venkytv at opensolaris.org> wrote:
>> Have been investigating CR 6934836.
>>
>> 6934836 set-uid script with -p in magic number gets Exec format error
>> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6934836
>>
>> Have a few questions I'm hoping the ksh93 folks here will be able
>> to help me with.
>>
>> It looks like the bug is due to the fact that set-uid scripts get
>> passed to the shell as a /dev/fd/XX parameter instead of the actual
>> path. This has problems with ksh93 *only* if there are any options
>> passed on the command line.
>>
>> The test program below demonstrates this:
>>
>> ----------
>>
>> $ cat testexec.c
>> #include <stdio.h>
>> #include <fcntl.h>
>> #include <unistd.h>
>>
>> int
>> main()
>> {
>>     int fd = -1;
>>     char devfd[32];
>>     char *script = "/tmp/ok.ksh"; /* Can be any simple script */
>>
>>     fd = open(script, O_RDONLY);
>>     sprintf(devfd, "/dev/fd/%d", fd);
>>     execl("/usr/bin/sparcv9/ksh93", "ksh", "-v", devfd, NULL);
>> }
>> $ ./testexec
>> /usr/bin/ksh: /usr/bin/ksh: cannot execute [Exec format error]
>>
>> ----------
>>
>> The culprit seems to be the code below:
>>
>> <lib/libshell/common/sh/init.c>
>> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libshell/common/sh/init.c#1216
>>
>> 1216 shp->st.dolv=argv+(argc-1)-shp->st.dolc;
>> 1217 shp->st.dolv[0] = argv[0];
>>
>> Here, we are overwriting one of the arguments of argv (because
>> shp->st.dolv indexes into the argv vector).
>>
>> In this particular case, argv which originally looked like this:
>>
>> ksh, -v, /dev/fd/3
>>
>> ends up looking like this:
>>
>> ksh, ksh, /dev/fd/3
>>
>> We then pass the mangled argv to execv():
>>
>> <lib/libshell/common/sh/main.c>
>> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libshell/common/sh/main.c#298
>>
>> 298 /* exec to change $0 for ps */
>> 299 execv(pathshell(),av);
>>
>> As a consequence, ksh tries to load the ksh binary as a shell script and
>> fails with an "Exec format" error.
>>
>> Have been digging around trying to figure out what is the right
>> thing to do in this situation. Figured some of the people more
>> familiar with the ksh93 source might be able to help.
>>
>> Also, the execv() call above uses pathshell() which seems plain wrong.
>> The whole exec hack here seems to be to make sure $0 is set correctly
>> for ps. But pathshell() looks at the SHELL variable and might end up
>> executing the script with a different shell altogether.
>>
>> Any help appreciated.
>>
>> Thanks,
>> Venky.
>> _______________________________________________
>> ksh93-integration-discuss mailing list
>> ksh93-integration-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/ksh93-integration-discuss
>>
>
>
>
> --
>       ,   _                                    _   ,
>      { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
> .----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
>  `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
>       /\/\                                    /\/\
>       `--`                                    `--`
>

--
      ,   _                                    _   ,
     { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
 `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
      /\/\                                    /\/\
      `--`                                    `--`
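
The aliasing described in Venky's message, reduced to a stand-alone C sketch. This is an added example, not code from the thread or from ksh93: `set_dolv`, `dup_vector` and `show` are hypothetical names, the vectors are constructed, and `dolc = 1` is inferred from the before/after listing in the message rather than read from the source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The two statements quoted from init.c lines 1216-1217, with the shell
 * state reduced to plain parameters. dolv points into argv itself. */
static char **set_dolv(int argc, char **argv, int dolc)
{
    char **dolv = argv + (argc - 1) - dolc;
    dolv[0] = argv[0];
    return dolv;
}

/* Hypothetical helper: shallow copy of the vector, NULL terminator included,
 * so positional parameters can be set up without touching the original. */
static char **dup_vector(int argc, char **argv)
{
    char **copy = malloc((size_t)(argc + 1) * sizeof *copy);
    if (copy != NULL)
        memcpy(copy, argv, (size_t)(argc + 1) * sizeof *copy);
    return copy;
}

static void show(const char *label, char **av)
{
    printf("%-28s", label);
    for (; *av != NULL; av++)
        printf(" %s", *av);
    putchar('\n');
}

int main(void)
{
    /* Constructed vectors; dolc = 1 is an assumption inferred from the
     * thread's before/after listing, not read from the ksh93 source. */
    char *with_opt[] = { "ksh", "-v", "/dev/fd/3", NULL };
    char *no_opt[]   = { "ksh", "/dev/fd/3", NULL };
    char *kept[]     = { "ksh", "-v", "/dev/fd/3", NULL };
    set_dolv(3, with_opt, 1);
    show("in place, with -v:", with_opt);     /* option slot overwritten */
    set_dolv(2, no_opt, 1);
    show("in place, no option:", no_opt);     /* store lands on argv[0] */
    char **copy = dup_vector(3, kept);
    if (copy == NULL) return 1;
    set_dolv(3, copy, 1);
    show("copy first, original argv:", kept); /* vector for execv intact */
    free(copy);
    return 0;
}
```

Under the assumed `dolc`, the store is a self-assignment when no option precedes the script argument, which is consistent with the report that only invocations with options fail.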