subject:"\[1003.1\(2016\/18\)\/Issue7\+TC2 0001435\]\: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC"

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2021-08-16 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



The following issue has a resolution that has been APPLIED. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: Applied
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text:https://austingroupbugs.net/view.php?id=1435#c5298 
Resolution: Accepted As Marked
Fixed in Version:   
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2021-08-16 10:47 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
2020-12-16 02:18 dannyniu   Note Edited: 0005180 
2021-03-19 17:51 kreNote Added: 0005294  
2021-03-19 17:55 kreNote Added: 0005295  
2021-03-22 15:43 geoffclare Note Added: 0005298  
2021-03-22 15:44 geoffclare Interp Status => --- 
2021-03-22 15:44 geoffclare Final Accepted Text   =>
https://austingroupbugs.net/view.php?id=1435#c5298
2021-03-22 15:44 geoffclare Status   New => Resolved 
2021-03-22 15:44 geoffclare Resolution   Open => Accepted As
Marked
2021-03-22 15:45 geoffclare Tag Attached: tc3-2008   
2021-08-16 10:47 geoffclare Status   Resolved => Applied 
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2021-03-22 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



The following issue has been RESOLVED. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: Resolved
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text:https://austingroupbugs.net/view.php?id=1435#c5298 
Resolution: Accepted As Marked
Fixed in Version:   
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2021-03-22 15:44 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
2020-12-16 02:18 dannyniu   Note Edited: 0005180 
2021-03-19 17:51 kreNote Added: 0005294  
2021-03-19 17:55 kreNote Added: 0005295  
2021-03-22 15:43 geoffclare Note Added: 0005298  
2021-03-22 15:44 geoffclare Interp Status => --- 
2021-03-22 15:44 geoffclare Final Accepted Text   =>
https://austingroupbugs.net/view.php?id=1435#c5298
2021-03-22 15:44 geoffclare Status   New => Resolved 
2021-03-22 15:44 geoffclare Resolution   Open => Accepted As
Marked
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2021-03-22 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2021-03-22 15:43 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005298) geoffclare (manager) - 2021-03-22 15:43
 https://austingroupbugs.net/view.php?id=1435#c5298 
-- 
At page 784, line 26542 exec DESCRIPTION, change:The argument
path points to a pathname that identifies the new process image
file.to:For the execl(), execle(),
execv(), and execve() functions, the argument path
points to a pathname that identifies the new process image
file.
At page 784, line 26543 exec DESCRIPTION, change:The argument
file is used to construct a pathname
...to:For the execlp() and execvp()
functions, the argument file is used to construct a pathname
...
On page 2368 line 75615 section 2.9.1.1, change:If the
executable file is not a text file, the shell may bypass this command
execution. In this case, it shall write an error message, and shall return
an exit status of 126.to:The shell may apply a
heuristic check to determine if the file to be executed could be a script
and may bypass this command execution if it determines that the file cannot
be a script. In this case, it shall write an error message, and shall
return an exit status of 126.
Note: A common heuristic for rejecting files that cannot be a
script is locating a NUL byte prior to a  byte within a
fixed-length prefix of the file. Since sh is required to accept
input files with unlimited line lengths, the heuristic check cannot be
based on line length. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
2020-12-16 02:18 dannyniu   Note Edited: 0005180 
2021-03-19 17:51 kreNote Added: 0005294  
2021-03-19 17:55 kreNote Added: 0005295  
2021-03-22 15:43 geoffclare Note Added: 0005298  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2021-03-19 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2021-03-19 17:55 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005295) kre (reporter) - 2021-03-19 17:55
 https://austingroupbugs.net/view.php?id=1435#c5295 
-- 
Re https://austingroupbugs.net/view.php?id=1435#c5294

Just in case I caused confusion, I have no problem using this bug as
a mechanism to fix the issue noted in
https://austingroupbugs.net/view.php?id=1435#c5173

Just not to do what is requested in the Desired Action. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
2020-12-16 02:18 dannyniu   Note Edited: 0005180 
2021-03-19 17:51 kreNote Added: 0005294  
2021-03-19 17:55 kreNote Added: 0005295  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2021-03-19 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2021-03-19 17:51 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005294) kre (reporter) - 2021-03-19 17:51
 https://austingroupbugs.net/view.php?id=1435#c5294 
-- 
We certainly cannot make the change as requested, which looks to me to be
an attempt to force implementation change via the standards process, which
is not the way that things should work.

If implementations find that security is being compromised because of the
way execlp() and execvp() work, then they will change the way those things
work, or  the applications that use them and become vulnerable.  If the
former were to happen, updating the standard might become reasonable.

I actually doubt there is any real problem however, privileged
applications
shouldn't (while privileged) be running anything using execlp() or
execvp(),
there are way too many ways to compromise that ... doing so using the
method described here would be way down the list of things to try - and
one
of earlier attempts would probably succeed.   Avoiding using those
functions
in privileged applications is the correct solution (and doing manual PATH
searches as a replacement is almost as bad, so they shouldn't do that
either).

Just reject this bug. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
2020-12-16 02:18 dannyniu   Note Edited: 0005180 
2021-03-19 17:51 kreNote Added: 0005294  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://www.austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-16 02:08 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005180) dannyniu (reporter) - 2020-12-16 02:08
 https://www.austingroupbugs.net/view.php?id=1435#c5180 
-- 
As a read-only member on the mailing list who currently supervises the
security logic of the web app deployed on our Linux server, I totally agree
this is a serious potential security exploit. 

I suggest a moderate modification. That is: 

Change: 

> execlp() and execvp() functions shall execute a command interpreter ...

To

> execlp() and execvp() functions may execute the "sh" command interpreter
... 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
2020-12-16 02:08 dannyniu   Note Added: 0005180  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://www.austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 16:11 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005179) shware_systems (reporter) - 2020-12-15 16:11
 https://www.austingroupbugs.net/view.php?id=1435#c5179 
-- 
Those interfaces support the idea a utility may be implemented as a binary
or a script, with binaries having attempt priority. The #! concept is an
adjunct to this, not a replacement. It is for hardware and configuration
dependant reasons like in the description why #! is precluded by the
standard, however. There was a request to add it, a few years ago, and the
issues discussed for rejecting it include factors out of scope for the
standard. 

It is also on the shell to provide a heuristic that recognizes sequences
like in the description as being non-text, as the specified behavior, and
reject processing it, per bug 1226. This is the same as the binary loader
is expected to reject binaries for an incompatible processor. If it doesn't
do this adequately it is a bug in that shell or loader, that I see, not a
standard defect. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
2020-12-15 16:11 shware_systems Note Added: 0005179  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:56 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005178) zackw (reporter) - 2020-12-15 15:56
 https://austingroupbugs.net/view.php?id=1435#c5178 
-- 
> Changing this would break a huge number of applications 

Please give one example of such an application. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
2020-12-15 15:56 zackw  Note Added: 0005178  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:54 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005177) zackw (reporter) - 2020-12-15 15:54
 https://austingroupbugs.net/view.php?id=1435#c5177 
-- 
On a closely related note, why on earth hasn't #! been standardized?  I
have *never* encountered a system that claims POSIX conformance but doesn't
implement it, not even 25 years ago. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
2020-12-15 15:54 zackw  Note Added: 0005177  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:53 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005176) zackw (reporter) - 2020-12-15 15:53
 https://austingroupbugs.net/view.php?id=1435#c5176 
-- 
If you would prefer a more practical rationale for the proposed change,
consider a program (a test suite driver, for instance) that wants to
execute binaries that may have been cross-compiled and therefore may not be
executable on the system where it's running, and distinguish ENOEXEC-type
failure from other forms of failure.  It runs on a wide variety of systems
and therefore cannot rely on any binary-rejection heuristic being
implemented by the shell.  The only alternative is to avoid using execlp
and execvp, but this means reimplementing PATH search by hand, and
depending on the implementation language, it may not even be possible. 
(For instance, the Perl interpreter *only* exposes execvp and system to
Perl programs.) 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
2020-12-15 15:53 zackw  Note Added: 0005176  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:45 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005175) geoffclare (manager) - 2020-12-15 15:45
 https://austingroupbugs.net/view.php?id=1435#c5175 
-- 
Re https://austingroupbugs.net/view.php?id=1435#c5174

No, only execl, execle, execv, and execve are expected not to invoke a
shell. The execlp and execvp functions have always invoked a shell if the
file cannot be executed directly and are very much expected to do so.
Changing this would break a huge number of applications which rely on them
executing a shell in cases where the shell script does not start with #! or
the system does not support #!, including every strictly conforming
application that includes a shell script to be executed using execlp or
execvp (since strictly conforming applications cannot use #!) 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
2020-12-15 15:45 geoffclare Note Added: 0005175  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:31 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

-- 
 (0005174) zackw (reporter) - 2020-12-15 15:31
 https://austingroupbugs.net/view.php?id=1435#c5174 
-- 
The other C-level APIs you mention, system and popen, are expected to
invoke a shell.  The exec family, on the other hand, is expected *not* to
invoke a shell.  I think it is worth changing execlp and execvp just to
eliminate this corner case where a shell might be invoked, contrary to
expectations. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
2020-12-15 15:31 zackw  Note Added: 0005174  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



The following issue has been set as RELATED TO issue 0001226. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:22 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
==
Relationships   ID  Summary
--
related to  0001226 shell can not test if a file is text
== 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
2020-12-15 15:22 geoffclare Relationship added   related to 0001226  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



A NOTE has been added to this issue. 
== 
https://austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 15:22 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
== 

-- 
 (0005173) geoffclare (manager) - 2020-12-15 15:22
 https://austingroupbugs.net/view.php?id=1435#c5173 
-- 
There is no point changing execlp() and execvp() as there are many other
ways that a shell can be invoked to try to execute such a file (e.g.
system(), popen(), or just interactive use of a shell). The right place to
deal with the issue is in the shell, and this was done in bug
https://austingroupbugs.net/view.php?id=1226.

However, looking again at 1226 I see that there are two occurrences of the
text that it fixes, and it only fixes one of them. Since that bug has
already been applied, we should use this new bug as an opportunity to fix
the other one.

On page 2368 line 75615 section 2.9.1.1, change:If the
executable file is not a text file, the shell may bypass this command
execution. In this case, it shall write an error message, and shall return
an exit status of 126.to:The shell may apply a
heuristic check to determine if the file to be executed could be a script
and may bypass this command execution if it determines that the file cannot
be a script. In this case, it shall write an error message, and shall
return an exit status of 126.
Note: A common heuristic for rejecting files that cannot be a
script is locating a NUL byte prior to a  byte within a
fixed-length prefix of the file. Since sh is required to accept input files
with unlimited line lengths, the heuristic check cannot be based on line
length. 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
2020-12-15 15:22 geoffclare Note Added: 0005173  
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

2020-12-15 Thread Austin Group Bug Tracker via austin-group-l at The Open Group



The following issue has been SUBMITTED. 
== 
https://www.austingroupbugs.net/view.php?id=1435 
== 
Reported By:zackw
Assigned To:
== 
Project:1003.1(2016/18)/Issue7+TC2
Issue ID:   1435
Category:   System Interfaces
Type:   Error
Severity:   Objection
Priority:   normal
Status: New
Name:   Zack Weinberg 
Organization:   GNU 
User Reference:  
Section:exec 
Page Number:(unknown) 
Line Number:(unknown) 
Interp Status:  --- 
Final Accepted Text: 
== 
Date Submitted: 2020-12-15 14:50 UTC
Last Modified:  2020-12-15 14:50 UTC
== 
Summary:execlp and execvp should not execute a command
interpreter when other members of the exec family would fail with ENOEXEC
Description: 
When execve would fail for a particular process image file and set errno to
[ENOEXEC], execlp and execvp are specified to retry execution of that file
as-if it were a shell script (see the text quoted as to-be-deleted, under
"Desired Action").

This behavior exists only for historical reasons -- it predates the `#!`
mechanism implemented by all current-generation Unixes -- and *may*
constitute a security hole.  On the computer where I'm typing this, the
first eight bytes of a  machine-code executable are consistently 7f 45 46
02 01 01 00.  The behavior of `sh` when fed a file beginning with these
bytes is not specified, as far as I can tell; I have observed at least one
implementation which, when given an input file containing those eight
bytes, attempts to execute a program whose name is "\177ELF\002\001\001" (C
string notation).  Suppose an unprivileged process that can create a
program with that name in a location on a higher-privileged process's PATH.
 The higher-privileged process is believed only to run programs with known
names, but one of the programs with a known name is corrupt and will be
rejected by `execve` with ENOEXEC, causing `execvp` to attempt to run it as
a shell script, and in turn to execution of the injected program named
"\177ELF\002\001\001".

Yes, this exploit chain involves a questionable implementation of `sh`
*and* two different system misconfigurations, but I think we all know that
vendors will try to argue that each of those three things is harmless and
does not need fixing.
Desired Action: 
From
,
delete all of the following text from the DESCRIPTION section:

---
There are two distinct ways in which the contents of the process image file
may cause the execution to fail, distinguished by the setting of errno to
either [ENOEXEC] or [EINVAL] (see the ERRORS section). In the cases where
the other members of the exec family of functions would fail and set errno
to [ENOEXEC], the execlp() and execvp() functions shall execute a command
interpreter and the environment of the executed command shall be as if the
process invoked the sh utility using execl() as follows:

execl(, arg0, file, arg1, ..., (char *)0);

where  is an unspecified pathname for the sh utility, file is
the process image file, and for execvp(), where arg0, arg1, and so on
correspond to the values passed to execvp() in argv[0], argv[1], and so
on.
---

Also, in the ERRORS section, move the entry for [ENOEXEC] to the first
group of errors ("The exec functions shall fail if: ...")
== 

Issue History 
Date ModifiedUsername   FieldChange   
== 
2020-12-15 14:50 zackw  New Issue
2020-12-15 14:50 zackw  Name  => Zack Weinberg   
2020-12-15 14:50 zackw  Organization  => GNU 
2020-12-15 14:50 zackw  Section   => exec
2020-12-15 14:50 zackw  Page Number   => (unknown)   
2020-12-15 14:50 zackw  Line Number   => (unknown)   
==

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

[1003.1(2016/18)/Issue7+TC2 0001435]: execlp and execvp should not execute a command interpreter when other members of the exec family would fail with ENOEXEC

15 matches

Site Navigation

Mail list logo

Footer information