d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e35c28a24b
freebsd-dev/lib/libc/gen/exec.c

307 lines
7.0 KiB
C
Raw Normal View History

BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
/*-
General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
2017-11-20 19:49:47 +00:00
* SPDX-License-Identifier: BSD-3-Clause
*
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
* 3. Neither the name of the University nor the names of its contributors
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
* Remove 'register'. (some functions had 7+ register functions...) * Fix SCM ID's.
2002-02-01 01:08:48 +00:00
#include <sys/cdefs.h>
Clean up the vcs ID strings in libc's gen/ directory. - Move CSRG IDs into __SCCSID(). - When a file has been copied, consistently use 'From: <tag>' for strings referencing the version of the source file copied from in the license block comment. - Some of the 'From:' tags were using $FreeBSD$ that was being expanded on each checkout. Fix those to hardcode the FreeBSD tag from the file that was copied at the time of the copy. - When multiple strings are present list them in "chronological" order, so CSRG (__SCCSID) before FreeBSD (__FBSDID). If a file came from OtherBSD and contains a CSRG ID from the OtherBSD file, use the order CSRG -> OtherBSD -> FreeBSD. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D15831
2018-07-03 17:31:45 +00:00
__SCCSID("@(#)exec.c 8.1 (Berkeley) 6/4/93");
* Remove 'register'. (some functions had 7+ register functions...) * Fix SCM ID's.
2002-02-01 01:08:48 +00:00
__FBSDID("$FreeBSD$");
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
2001-01-24 13:01:12 +00:00
#include "namespace.h"
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
#include <sys/param.h>
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
#include <sys/stat.h>
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
#include <errno.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <paths.h>
#include <stdarg.h>
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
2001-01-24 13:01:12 +00:00
#include "un-namespace.h"
Turn execvpe() into an internal libc routine. Adding exevpe() has caused some ports to break. Even though execvpe() is a useful routine, it does not conform to any standards. This patch is a little bit different from the patch sent to the mailing list. I forgot to remove execvpe from the Symbol.map (which does not seem to miscompile libc, though). Reviewed by: davidxu Approved by: philip
2008-06-23 05:22:06 +00:00
#include "libc_private.h"
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
extern char **environ;
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
static const char execvPe_err_preamble[] = "execvP: ";
static const char execvPe_err_trailer[] = ": path too long\n";
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
int
execl(const char *name, const char *arg, ...)
{
va_list ap;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
const char **argv;
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
int n;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
va_start(ap, arg);
Correct braino in previous commit. I get the pointy hat again.
1998-10-14 20:23:40 +00:00
n = 1;
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
while (va_arg(ap, char *) != NULL)
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
n++;
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
va_end(ap);
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
argv = alloca((n + 1) * sizeof(*argv));
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
if (argv == NULL) {
errno = ENOMEM;
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
return (-1);
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
}
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_start(ap, arg);
Correct braino in previous commit. I get the pointy hat again.
1998-10-14 20:23:40 +00:00
n = 1;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
argv[0] = arg;
Make execl() vfork()-safe. This should fix potential bugs in rcp, telnet and tip, and probably a few other apps. Reviewed by: bde Approved by: jkh
1998-10-14 18:53:36 +00:00
while ((argv[n] = va_arg(ap, char *)) != NULL)
n++;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_end(ap);
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
return (_execve(name, __DECONST(char **, argv), environ));
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
}
int
execle(const char *name, const char *arg, ...)
{
va_list ap;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
const char **argv;
char **envp;
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
int n;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_start(ap, arg);
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
n = 1;
while (va_arg(ap, char *) != NULL)
n++;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_end(ap);
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
argv = alloca((n + 1) * sizeof(*argv));
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
if (argv == NULL) {
errno = ENOMEM;
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
return (-1);
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
}
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
va_start(ap, arg);
n = 1;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
argv[0] = arg;
Fix style issues in execl(), and make execle() vfork()-safe. Reviewed by: bde Approved by: jkh
1998-10-15 17:14:15 +00:00
while ((argv[n] = va_arg(ap, char *)) != NULL)
n++;
envp = va_arg(ap, char **);
va_end(ap);
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
return (_execve(name, __DECONST(char **, argv), envp));
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
}
int
execlp(const char *name, const char *arg, ...)
{
va_list ap;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
const char **argv;
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
int n;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_start(ap, arg);
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
n = 1;
while (va_arg(ap, char *) != NULL)
n++;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
va_end(ap);
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
argv = alloca((n + 1) * sizeof(*argv));
if (argv == NULL) {
errno = ENOMEM;
return (-1);
}
va_start(ap, arg);
n = 1;
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
argv[0] = arg;
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
while ((argv[n] = va_arg(ap, char *)) != NULL)
n++;
va_end(ap);
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
return (execvp(name, __DECONST(char **, argv)));
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
}
int
Use ANSI C prototypes. Eliminates -Wold-style-definition warnings.
2015-09-20 20:23:16 +00:00
execv(const char *name, char * const *argv)
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
{
Remove _THREAD_SAFE and make libc thread-safe by default by adding (weak definitions to) stubs for some of the pthread functions. If the threads library is linked in, the real pthread functions will pulled in. Use the following convention for system calls wrapped by the threads library: __sys_foo - actual system call _foo - weak definition to __sys_foo foo - weak definition to __sys_foo Change all libc uses of system calls wrapped by the threads library from foo to _foo. In order to define the prototypes for _foo(), we introduce namespace.h and un-namespace.h (suggested by bde). All files that need to reference these system calls, should include namespace.h before any standard includes, then include un-namespace.h after the standard includes and before any local includes. <db.h> is an exception and shouldn't be included in between namespace.h and un-namespace.h namespace.h will define foo to _foo, and un-namespace.h will undefine foo. Try to eliminate some of the recursive calls to MT-safe functions in libc/stdio in preparation for adding a mutex to FILE. We have recursive mutexes, but would like to avoid using them if possible. Remove uneeded includes of <errno.h> from a few files. Add $FreeBSD$ to a few files in order to pass commitprep. Approved by: -arch
2001-01-24 13:01:12 +00:00
(void)_execve(name, argv, environ);
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
return (-1);
}
int
Fixed some style bugs.
2003-07-01 12:30:03 +00:00
execvp(const char *name, char * const *argv)
Add a libc function execvP that takes the search path as an arguement. Change execvp to be a wrapper around execvP. This is necessary for some of the /rescue pieces. It may also be more generally applicable as well. Submitted by: Tim Kientzle <kientzle@acm.org> Approved by: Silence on arch@
2003-06-29 17:33:34 +00:00
{
Turn execvpe() into an internal libc routine. Adding exevpe() has caused some ports to break. Even though execvpe() is a useful routine, it does not conform to any standards. This patch is a little bit different from the patch sent to the mailing list. I forgot to remove execvpe from the Symbol.map (which does not seem to miscompile libc, though). Reviewed by: davidxu Approved by: philip
2008-06-23 05:22:06 +00:00
return (_execvpe(name, argv, environ));
Add a libc function execvP that takes the search path as an arguement. Change execvp to be a wrapper around execvP. This is necessary for some of the /rescue pieces. It may also be more generally applicable as well. Submitted by: Tim Kientzle <kientzle@acm.org> Approved by: Silence on arch@
2003-06-29 17:33:34 +00:00
}
Add POSIX routines called posix_spawn() and posix_spawnp(), which can be used as replacements for exec/fork in a lot of cases. This change also added execvpe() which allows environment variable PATH to be used for searching executable file, it is used for implementing posix_spawnp(). PR: standards/122051
2008-06-17 06:26:29 +00:00
static int
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
execvPe(const char *name, const char *path, char * const *argv,
char * const *envp)
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
{
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
const char **memp;
size_t cnt, lp, ln;
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
int eacces, save_errno;
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
char buf[MAXPATHLEN];
const char *bp, *np, *op, *p;
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
struct stat sb;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
eacces = 0;
Fixed uninitialized variables for the '/'-in-pathname case in execvp(). Garbage in `eacces' caused the wrong errno to be set for non-EACCES errors. Garbage in `etxtbsy' caused a semi-random retry strategy for ETXTBSY errors. Found by: NIST-PCTS. gcc -Wall reported the problem, but -Wall is not enabled for libc.
1996-11-18 16:56:51 +00:00
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
/* If it's an absolute or relative path name, it's easy. */
Replace index() and rindex() calls with strchr() and strrchr(). The index() and rindex() functions were marked LEGACY in the 2001 revision of POSIX and were subsequently removed from the 2008 revision. The strchr() and strrchr() functions are part of the C standard. This makes the source code a lot more consistent, as most of these C files also call into other str*() routines. In fact, about a dozen already perform strchr() calls.
2012-01-03 18:51:58 +00:00
if (strchr(name, '/')) {
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
bp = name;
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
op = NULL;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
goto retry;
}
bp = buf;
Fixed execvp() of an empty pathname to fail POSIXly. Previously it attempted to exec the components of $PATH and it usually set errno to the wrong value. Found by: NIST PCTS
1996-11-18 19:24:47 +00:00
/* If it's an empty path name, fail in the usual POSIX way. */
if (*name == '\0') {
errno = ENOENT;
return (-1);
}
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
op = path;
ln = strlen(name);
while (op != NULL) {
np = strchrnul(op, ':');
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
/*
* It's a SHELL path -- double, leading and trailing colons
* mean the current directory.
*/
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
if (np == op) {
/* Empty component. */
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
p = ".";
lp = 1;
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
} else {
/* Non-empty component. */
p = op;
lp = np - op;
}
/* Advance to the next component or terminate after this. */
if (*np == '\0')
op = NULL;
else
op = np + 1;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
/*
* If the path is too long complain. This is a possible
* security issue; given a way to make the path too long
* the user may execute the wrong program.
*/
if (lp + ln + 2 > sizeof(buf)) {
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
(void)_write(STDERR_FILENO, execvPe_err_preamble,
sizeof(execvPe_err_preamble) - 1);
Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(), just use _foo() <-- foo(). In the case of a libpthread that doesn't do call conversion (such as linuxthreads and our upcoming libpthread), this is adequate. In the case of libc_r, we still need three names, which are now _thread_sys_foo() <-- _foo() <-- foo(). Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(), nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo(). Remove all internal libc usage of: creat(), pause(), sleep(), system(), tcdrain(), wait(), and waitpid(). Make thread cancellation fully POSIX-compliant. Suggested by: deischen
2000-01-27 23:07:25 +00:00
(void)_write(STDERR_FILENO, p, lp);
execvPe: obviate the need for potentially large stack allocations Some environments in which execvPe may be called have a limited amount of stack available. Currently, it avoidably allocates a segment on the stack large enough to hold PATH so that it may be mutated and use strsep() for easy parsing. This logic is now rewritten to just operate on the immutable string passed in and do the necessary math to extract individual paths, since it will be copying out those segments to another buffer anyways and piecing them together with the name for a full path. Additional size is also needed for the stack in posix_spawnp(), because it may need to push all of argv to the stack and rebuild the command with sh in front of it. We'll make sure it's properly aligned for the new thread, but future work should likely make rfork_thread a little easier to use by ensuring proper alignment. Some trivial cleanup has been done with a couple of error writes, moving strings into char arrays for use with the less fragile sizeof(). Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D25038
2020-06-10 01:32:13 +00:00
(void)_write(STDERR_FILENO, execvPe_err_trailer,
sizeof(execvPe_err_trailer) - 1);
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
continue;
}
bcopy(p, buf, lp);
buf[lp] = '/';
bcopy(name, buf + lp + 1, ln);
buf[lp + ln + 1] = '\0';
Properly use the envp argument in execvPe(). execvPe() is called by _execvpe(), which we added to implement posix_spawnp(). We just took execvP() and added the envp argument. Unfortunately we forgot to change the implementation to use envp over environ. This fixes the following piece of code: | char * const arg[2] = { "env", NULL }; | char * const env[2] = { "FOO=BAR", NULL }; | posix_spawnp(NULL, "/usr/bin/env", NULL, NULL, arg, env); MFC after: 2 weeks
2009-11-27 13:05:14 +00:00
retry: (void)_execve(bp, argv, envp);
Fixed some style bugs.
2003-07-01 12:30:03 +00:00
switch (errno) {
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
case E2BIG:
goto done;
case ELOOP:
case ENAMETOOLONG:
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
case ENOENT:
break;
case ENOEXEC:
Fix execl[e]. Multiple execle's failed because of bogus caching of the pointer returned by realloc(). All callers free the pointer if the execve fails. Nuke the caching. This essentially restores buildargv() to the 1.1.5 version. Also fix a memory leak if realloc() fails. Also nuke similar but non-broken caching in execvp(). malloc() should be efficient enough.
1994-12-12 01:15:01 +00:00
for (cnt = 0; argv[cnt]; ++cnt)
;
execvp: fix up the ENOEXEC fallback If execve fails with ENOEXEC, execvp is expected to rebuild the command with /bin/sh instead and try again. The previous version did this, but overlooked two details: argv[0] can conceivably be NULL, in which case memp would never get terminated. We must allocate no less than three * sizeof(char *) so we can properly terminate at all times. For the non-NULL argv standard case, we count all the non-NULL elements and actually skip the first argument, so we end up capturing the NULL terminator in our bcopy(). The second detail is that the spec is actually worded such that we should have been preserving argv[0] as passed to execvp: "[...] executed command shall be as if the process invoked the sh utility using execl() as follows: execl(<shell path>, arg0, file, arg1, ..., (char *)0); where <shell path> is an unspecified pathname for the sh utility, file is the process image file, and for execvp(), where arg0, arg1, and so on correspond to the values passed to execvp() in argv[0], argv[1], and so on." So we make this change at this time as well, while we're already touching it. We decidedly can't preserve a NULL argv[0] as this would be incredibly, incredibly fragile, so we retain our legacy behavior of using "sh" for argv[] in this specific instance. Some light tests are added to try and detect some components of handling the ENOEXEC fallback; posix_spawnp_enoexec_fallback_null_argv0 is likely not 100% reliable, but it at least won't raise false-alarms and it did result in useful failures with pre-change libc on my machine. This is a secondary change in D25038. Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week
2020-06-10 01:30:37 +00:00
/*
* cnt may be 0 above; always allocate at least
* 3 entries so that we can at least fit "sh", bp, and
* the NULL terminator. We can rely on cnt to take into
* account the NULL terminator in all other scenarios,
* as we drop argv[0].
*/
memp = alloca(MAX(3, cnt + 2) * sizeof(char *));
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
if (memp == NULL) {
/* errno = ENOMEM; XXX override ENOEXEC? */
Fix execl[e]. Multiple execle's failed because of bogus caching of the pointer returned by realloc(). All callers free the pointer if the execve fails. Nuke the caching. This essentially restores buildargv() to the 1.1.5 version. Also fix a memory leak if realloc() fails. Also nuke similar but non-broken caching in execvp(). malloc() should be efficient enough.
1994-12-12 01:15:01 +00:00
goto done;
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
}
execvp: fix up the ENOEXEC fallback If execve fails with ENOEXEC, execvp is expected to rebuild the command with /bin/sh instead and try again. The previous version did this, but overlooked two details: argv[0] can conceivably be NULL, in which case memp would never get terminated. We must allocate no less than three * sizeof(char *) so we can properly terminate at all times. For the non-NULL argv standard case, we count all the non-NULL elements and actually skip the first argument, so we end up capturing the NULL terminator in our bcopy(). The second detail is that the spec is actually worded such that we should have been preserving argv[0] as passed to execvp: "[...] executed command shall be as if the process invoked the sh utility using execl() as follows: execl(<shell path>, arg0, file, arg1, ..., (char *)0); where <shell path> is an unspecified pathname for the sh utility, file is the process image file, and for execvp(), where arg0, arg1, and so on correspond to the values passed to execvp() in argv[0], argv[1], and so on." So we make this change at this time as well, while we're already touching it. We decidedly can't preserve a NULL argv[0] as this would be incredibly, incredibly fragile, so we retain our legacy behavior of using "sh" for argv[] in this specific instance. Some light tests are added to try and detect some components of handling the ENOEXEC fallback; posix_spawnp_enoexec_fallback_null_argv0 is likely not 100% reliable, but it at least won't raise false-alarms and it did result in useful failures with pre-change libc on my machine. This is a secondary change in D25038. Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk> Reviewed by: jilles, kib, Andrew Gierth MFC after: 1 week
2020-06-10 01:30:37 +00:00
if (cnt > 0) {
memp[0] = argv[0];
memp[1] = bp;
bcopy(argv + 1, memp + 2, cnt * sizeof(char *));
} else {
memp[0] = "sh";
memp[1] = bp;
memp[2] = NULL;
}
Remove warnings from exec.c. The entries in the argv array are not const themselves, but sometimes we want to fill in const values. Just make the array const and use __DECONST() to make it const for the execve()-call itself. Also convert the only K&R prototype to ANSI.
2009-12-05 18:55:16 +00:00
(void)_execve(_PATH_BSHELL,
__DECONST(char **, memp), envp);
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
goto done;
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
case ENOMEM:
goto done;
case ENOTDIR:
break;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
case ETXTBSY:
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
/*
* We used to retry here, but sh(1) doesn't.
*/
goto done;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
default:
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
/*
* EACCES may be for an inaccessible directory or
* a non-executable file. Call stat() to decide
* which. This also handles ambiguities for EFAULT
* and EIO, and undocumented errors like ESTALE.
* We hope that the race for a stat() is unimportant.
*/
save_errno = errno;
stat() the correct file in execvp() so that the fine tuned errno handling actually works.
1997-11-20 15:09:38 +00:00
if (stat(bp, &sb) != 0)
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
break;
if (save_errno == EACCES) {
eacces = 1;
continue;
}
errno = save_errno;
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
goto done;
}
}
if (eacces)
errno = EACCES;
Fixed searching of $PATH in execvp(). Do what sh(1) should do according to POSIX.2. In particular: - don't retry for ETXTBSY. This matches what sh(1) does. The retry code was broken anyway. It only slept for several seconds for the first few retries. Then it retried without sleeping. - don't abort the search for errors related to the path prefix, in particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1) gets this wrong in the opposite direction by never aborting the search. - don't confuse EACCES for errors related to the path prefix with EACCES for errors related to the file. sh(1) gets this wrong. - don't return a stale errno when the search terminates normally without finding anything. The errno for the last unsuccessful execve() was usually returned. This gave too much precedence to pathologies in the last component of $PATH. This bug is irrelevant for sh(1). The implementation still uses the optimization/race-inhibitor of trying to execve() things first. POSIX.2 seems to require looking at file permissions using stat(). We now use stat() after execve() if execve() fails with an ambiguous error. Trying execve() first may actually be a pessimization, since failing execve()s are fundamentally a little slower than stat(), and are significantly slower when a file is found but has unsuitable permissions or points to an unsuitable interpreter. PR: 1487
1997-10-14 07:23:16 +00:00
else
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
errno = ENOENT;
Remove last remaining references to malloc/realloc and functions that call them. All the execX() libc functions should be vfork() safe now. Specifically: - execlp() does the argument count-and-build into a vector from alloca (like the others) - buildargv() is no longer used (and gone). - execvp() uses alloca/strcpy rather than strdup(). - the ENOEXEC handler uses alloca rather than malloc. - a couple of free() calls removed - alloca works on the local stack and the allocations are freed on function exit (which is why buildargv wasn't useful - it's alloca() context would disappear on return). Along the way: - If alloca() fails (can it?), set errno = ENOMEM explicitly. - The ENOEXEC recovery routine that trys again with /bin/sh appeared to not be terminating the new argv[] array for /bin/sh, allowing it to walk off the end of the list. I dithered a bit about using alloca() even more as it's most commonly associated with gcc. However, standalone portable (using malloc) and machine-specific assembler alloca implementations appear to be available on just about all the architectures we're likely to want to port to. alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
done:
BSD 4.4 Lite Lib Sources
1994-05-27 05:00:24 +00:00
return (-1);
}
Add POSIX routines called posix_spawn() and posix_spawnp(), which can be used as replacements for exec/fork in a lot of cases. This change also added execvpe() which allows environment variable PATH to be used for searching executable file, it is used for implementing posix_spawnp(). PR: standards/122051
2008-06-17 06:26:29 +00:00
int
execvP(const char *name, const char *path, char * const argv[])
{
return execvPe(name, path, argv, environ);
}
int
Turn execvpe() into an internal libc routine. Adding exevpe() has caused some ports to break. Even though execvpe() is a useful routine, it does not conform to any standards. This patch is a little bit different from the patch sent to the mailing list. I forgot to remove execvpe from the Symbol.map (which does not seem to miscompile libc, though). Reviewed by: davidxu Approved by: philip
2008-06-23 05:22:06 +00:00
_execvpe(const char *name, char * const argv[], char * const envp[])
Add POSIX routines called posix_spawn() and posix_spawnp(), which can be used as replacements for exec/fork in a lot of cases. This change also added execvpe() which allows environment variable PATH to be used for searching executable file, it is used for implementing posix_spawnp(). PR: standards/122051
2008-06-17 06:26:29 +00:00
{
const char *path;
/* Get the path we're searching. */
if ((path = getenv("PATH")) == NULL)
path = _PATH_DEFPATH;
return (execvPe(name, path, argv, envp));
}
Reference in New Issue Copy Permalink