Venky, are you sure the patch works? I applied it to my work tree
(which includes changes for
http://cr.opensolaris.org/~fleyta/ksh93_update2_bugfix1_20100326_03_webrev/)
and make testshell in usr/src/cmd/ksh/amd64 immediately crashed in the
alias.sh module:

## Running amd64/ksh test: LANG='C' script='alias.sh', mode='compiled_script'
# test shcomp-alias.ksh begins
# ../../../lib/libshell/common/tests/shtests: line 130: 21908: Memory fault(coredump)
# test shcomp-alias.ksh failed to compile with exit code 267 [ 1 test 1 error ]
##--------> test failed
*** Error code 1

The stack trace shows that shcomp blew up:

core 'core' of 21908: /home/fleyta/ksh93/venky_setid/p030/proto/root_i386/usr/bin/shcomp
 fedce25a nv_disc (80743fc, 80747a0, 1, fedcf6b9) + 18a
 fedcf6e9 nv_mount (80743fc, 0, 80746c0, fedae2e2) + 101
 fedae43f inittree (8062238, fee1d940, 8062238, fedadbaa) + 16b
 fedadbf8 nv_init (8062238, fedaaee0, a, fedaca05) + 5c
 fedacc4f sh_init (2, 8046db4, 0, 0) + 40f
 08051167 main (2, 8046db4, 8046dc0, 8050fbf) + bb
 0805101d _start (2, 8046fa4, 8046fee, 0, 804701a, 804706d) + 7d

Can you go to usr/src/cmd/ksh/amd64 in your workspace, do a make
testshell and look if this crashes, please?

Olga

On Wed, Mar 24, 2010 at 2:20 PM, Venky <venk...@opensolaris.org> wrote:
> Hi Olga,
>
>> > Venky, does this issue occur even if you bypass isaexec, i.e.
>
> Yes, tried this with /usr/bin/sparcv9/ksh93 to make sure isaexec
> does not complicate things.  It does seem to be because of the
> arguments getting mangled in line 1217 of libshell/common/sh/init.c.
>
> A quick hack to restore the mangled arguments before exec (patch
> attached) seems to fix this issue.  The $0 value remains messed up,
> though.  It displays /dev/fd/XX as the script name, while a #! line
> without arguments displays the correct script name.
>
> # cat >t1.ksh <<EOF
> #!/usr/bin/sparcv9/ksh93 -p
> echo \$0
> EOF
>
> # cat >t2.ksh <<EOF
> #!/usr/bin/sparcv9/ksh93
> echo \$0
> EOF
>
> # chmod +xs t[12].ksh
> # ls -l t*
> -rwsr-sr-x 1 root root 36 Mar 24 05:51 t1.ksh
> -rwsr-sr-x 1 root root 33 Mar 24 05:51 t2.ksh
> # exit
>
> $ ./t1.ksh
> /dev/fd/4
> $ ./t2.ksh
> t2.ksh
>
> Venky.
>
> On Wed, Mar 24, 2010 at 03:13:08AM +0100, Olga Kryzhanovska wrote:
>> 2010/3/24 Olga Kryzhanovska <olga.kryzhanov...@gmail.com>:
>> > Venky, does this issue occur even if you bypass isaexec, i.e.
>> > #!/usr/bin/i86/ksh -p
>>
>> Correction:
>> #!/usr/bin/i86/ksh93 -p
>>
>> > or
>> > #!/usr/bin/sparcv0/ksh -p
>>
>> Correction:
>> #!/usr/bin/sparcv9/ksh93 -p
>>
>> >
>> > Olga
>> >
>> > On Fri, Mar 19, 2010 at 4:06 PM, Venky <venk...@opensolaris.org> wrote:
>> >> Have been investigating CR 6934836.
>> >>
>> >> 6934836 set-uid script with -p in magic number gets Exec format error
>> >> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6934836
>> >>
>> >> Have a few questions I'm hoping the ksh93 folks here will be able
>> >> to help me with.
>> >>
>> >> It looks like the bug is due to the fact that set-uid scripts get
>> >> passed to the shell as a /dev/fd/XX parameter instead of the actual
>> >> path.  This has problems with ksh93 *only* if there are any options
>> >> passed on the command line.
>> >>
>> >> The test program below demonstrates this:
>> >>
>> >> ----------
>> >>
>> >> $ cat testexec.c
>> >> #include <stdio.h>
>> >> #include <fcntl.h>
>> >> #include <unistd.h>
>> >>
>> >> int
>> >> main()
>> >> {
>> >>         int fd = -1;
>> >>         char devfd[32];
>> >>         char *script = "/tmp/ok.ksh"; /* Can be any simple script */
>> >>
>> >>         fd = open(script, O_RDONLY);
>> >>         sprintf(devfd, "/dev/fd/%d", fd);
>> >>         execl("/usr/bin/sparcv9/ksh93", "ksh", "-v", devfd, NULL);
>> >> }
>> >> $ ./testexec
>> >> /usr/bin/ksh: /usr/bin/ksh: cannot execute [Exec format error]
>> >>
>> >> ----------
>> >>
>> >> The culprit seems to be the code below:
>> >>
>> >> <lib/libshell/common/sh/init.c>
>> >> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libshell/common/sh/init.c#1216
>> >>
>> >> 1216 shp->st.dolv=argv+(argc-1)-shp->st.dolc;
>> >> 1217 shp->st.dolv[0] = argv[0];
>> >>
>> >> Here, we are overwriting one of the arguments of argv (because
>> >> shp->st.dolv indexes into the argv vector).
>> >>
>> >> In this particular case, argv which originally looked like this:
>> >>
>> >> ksh, -v, /dev/fd/3
>> >>
>> >> ends up looking like this:
>> >>
>> >> ksh, ksh, /dev/fd/3
>> >>
>> >> We then pass the mangled argv to execv():
>> >>
>> >> <lib/libshell/common/sh/main.c>
>> >> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libshell/common/sh/main.c#298
>> >>
>> >> 298 /* exec to change $0 for ps */
>> >> 299 execv(pathshell(),av);
>> >>
>> >> As a consequence, ksh tries to load the ksh binary as a shell script and
>> >> fails with an "Exec format" error.
>> >>
>> >> Have been digging around trying to figure out what is the right
>> >> thing to do in this situation.  Figured some of the people more
>> >> familiar with the ksh93 source might be able to help.
>> >>
>> >> Also, the execv() call above uses pathshell() which seems plain wrong.
>> >> The whole exec hack here seems to be to make sure $0 is set correctly
>> >> for ps.  But pathshell() looks at the SHELL variable and might end up
>> >> executing the script with a different shell altogether.
>> >>
>> >> Any help appreciated.
>> >>
>> >> Thanks,
>> >> Venky.
>> >> _______________________________________________
>> >> ksh93-integration-discuss mailing list
>> >> ksh93-integration-discuss@opensolaris.org
>> >> http://mail.opensolaris.org/mailman/listinfo/ksh93-integration-discuss
>> >>
>> >
>> >
>> >
>> > --
>> >       ,   _                                    _   ,
>> >      { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
>> > .----'-/`-/     olga.kryzhanov...@gmail.com   \-`\-'----.
>> >  `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
>> >       /\/\                                     /\/\
>> >       `--`                                      `--`
>> >
>>
>>
>>
>> --
>>       ,   _                                    _   ,
>>      { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
>> .----'-/`-/     olga.kryzhanov...@gmail.com   \-`\-'----.
>>  `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
>>       /\/\                                     /\/\
>>       `--`                                      `--`
>

-- 
      ,   _                                    _   ,
     { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanov...@gmail.com   \-`\-'----.
 `'-..-| /     Solaris/BSD//C/C++ programmer   \ |-..-'`
      /\/\                                     /\/\
      `--`                                      `--`
_______________________________________________
ksh93-integration-discuss mailing list
ksh93-integration-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/ksh93-integration-discuss
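
Added example (not part of the thread, and neither Venky's patch nor ksh93 source): a C model of the init.c lines 1216-1217 aliasing described above, showing the vector that would later reach execv(), beside a variant that builds the parameter list in separate storage. The function names are hypothetical, and dolc = 1 is an assumption inferred from the before/after vectors quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Pattern of init.c lines 1216-1217 as quoted in the thread: dolv points
 * into argv, so the store to dolv[0] overwrites an argv slot. */
static char **dolv_aliased(int argc, char **argv, int dolc)
{
    char **dolv = argv + (argc - 1) - dolc;
    dolv[0] = argv[0];
    return dolv;
}

/* Hypothetical alternative: put $0 and the positional parameters into
 * caller-supplied storage, leaving argv intact for a later execv(). */
static char **dolv_copied(int argc, char **argv, int dolc, char **dolv)
{
    dolv[0] = argv[0];
    memcpy(dolv + 1, argv + argc - dolc, (size_t)dolc * sizeof(*dolv));
    dolv[dolc + 1] = NULL;
    return dolv;
}

/* Joins a NULL-terminated vector with ", " into out (at most n bytes). */
static char *join(char **v, char *out, size_t n)
{
    size_t len = 0;
    out[0] = '\0';
    for (; *v != NULL && len < n; v++)
        len += (size_t)snprintf(out + len, n - len, "%s%s", len ? ", " : "", *v);
    return out;
}

/* Runs one variant on the thread's vector (ksh, -v, /dev/fd/3) and returns
 * argv as it stands afterwards. dolc = 1 is an assumption (see lead-in). */
static char *argv_after_init(int copy, char *out, size_t n)
{
    char *argv[] = { "ksh", "-v", "/dev/fd/3", NULL };
    char *store[3];                 /* $0, one parameter, NULL */
    (void)(copy ? dolv_copied(3, argv, 1, store) : dolv_aliased(3, argv, 1));
    return join(argv, out, n);
}

int main(void)
{
    char a[64], b[64];
    printf("aliased: %s\n", argv_after_init(0, a, sizeof a));
    printf("copied:  %s\n", argv_after_init(1, b, sizeof b));
    return 0;
}
```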