Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3a04ed7d2f8748a79941a3676658fc25@sap.com>
Date: Fri, 9 Mar 2018 12:23:06 +0000
From: "Siebenborn, Axel" <axel.siebenborn@....com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: No fallback to /bin/sh in execvp

Hi,

I encountered a problem with execvp with musl.
Trying to execute shell scripts without #! fails with ENOEXEC.
However, according to the standard, execvp should fallback to execute the file using /bin/sh.

A simple test:

Create a  script file 'prog'  without '!#' with the following content and make it executable:

/bin/echo "$@" 

Compile and run the following c-program:

#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

int main (){
  int ret;
  char *cmd[] = { "./prog","Hello", "World", (char *)0 };
  ret = execvp ("./prog", cmd);
  int errorNumber = errno;
  printf("Error code: %d. Error message: %s\n", errorNumber, strerror(errorNumber));
}

With musl the execution results in the following error:

Error code: 8. Error message: Exec format error

With glibs 'Hello world' is printed.

Is this a bug, that will be fixed someday or intended behavior for security reasons.

I think it's a quiet a strange way to execute shell commands. However, some ancient code might rely on this 
and compatibility wins over sanity,

Kind regards,
Axel

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.