| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 5176C3858289 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1681645606; | |
| bh=uifshW7F68qRd23+/NVf3T3WPf7MdqmNDh7MdHhJmcU=; | |
| h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: | |
| List-Help:List-Subscribe:From:Reply-To:From; | |
| b=BMb09nOI+//494tW+ZAnJFthrgGXNMivnLNw5WjI2oFg9LmXtHULYOB0B1L0OUTNW | |
| mM69gTFExyNxLYG423TEqExKj7fQEU2+HYmUw3CTzDcQlPY3nzrtS2pfr8XfyjTXi1 | |
| wKgxpUNXlx6defz3hXDcj9mjqZmRlGiYEHsTEeyw= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 sourceware.org 317D93858D1E |
| ARC-Seal: | i=1; a=rsa-sha256; t=1681645587; cv=none; |
| d=strato.com; s=strato-dkim-0002; | |
| b=NVMnxXzQtaDj3gSf5qXX/gH4ySPOT1pN+wFQkqncSWd9qU1KBBQHInN7d8dTIRS5jN | |
| 34bzDlVSpqDGBGYd6R2MVb7eVhNBbYXt8bb/ArBCHLX37dr4lESpB8S5XjY1HYXIrWQa | |
| 8cdDhQrEJlZ7Kgre/KVzPYGySiZQ5vf31JgF1emd5tF2DeXBSgTMycptP1+V692fLfxR | |
| 4ZWSHTLVRDwXtJvs4W1ctJD8K7HIY8ehv6M38IKRKOb34Z9roIeERJ24u9XL1r6qr+hQ | |
| lSSgtmkAxrTMbQpIHXE1Hznw0eC1DDMF94LnK6Ydfd4Zj3cqICeRbfhy6jJDuj7gkVNk | |
| m5JA== | |
| ARC-Message-Signature: | i=1; a=rsa-sha256; c=relaxed/relaxed; t=1681645587; |
| s=strato-dkim-0002; d=strato.com; | |
| h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; | |
| bh=4oaUNJZyTrjpkeWTLmt49NAIcXgOARb0BCK6fSRGy1o=; | |
| b=PEFBu0oCILvBWixzeY4q8s7FfUpuatRs9ACJH+UuG5/vOkkZLj2avDwDRU/J+MeX9h | |
| Eig/n2HbWzWxPuflHSkiimXmOpCDmxK0QeACYG5RyIf6qdE1iiiEHqa0I2feuyl7MeqO | |
| BRBl2HzyRx+97fyfTozTyjjIU7RDXefrNoxXBy/JiVx7u1rQDVKftVa0b1EeWLGptAOT | |
| 7w0TWPoOWACex5sGQxBSaCxW1RTKUuDDYqDu/amTsxNJ92BQfuFstJC6s1nIxiMZBKxa | |
| DtFDZ1MsoytXtnKmOpPneUZiyVp1w/xlVyjBKlfUrMwTjSkPyvHb3mfnkkDCD7ycNiI7 | |
| rrKg== | |
| ARC-Authentication-Results: | i=1; strato.com; |
| arc=none; | |
| dkim=none | |
| X-RZG-CLASS-ID: | mo00 |
| X-RZG-AUTH: | ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zq68+3cfpORj/S5ZbhmOq7DrkkPw86ewZAL" |
| To: | cygwin AT cygwin DOT com |
| Subject: | posix_spawn facility |
| Date: | Sun, 16 Apr 2023 13:46:27 +0200 |
| Message-ID: | <1752276.7aRn1RRit1@nimes> |
| MIME-Version: | 1.0 |
| X-Spam-Status: | No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, |
| DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_ASCII_DIVIDERS, | |
| RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, | |
| T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.6 (2021-04-09) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Bruno Haible via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | Bruno Haible <bruno AT clisp DOT org> |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
Hi,
AFAIU, Cygwin has a working posix_spawn[p] implementation since 2020
(commit 3fbfcd11fb09d5f47af3043ee47ec5c7d863d872, 2020-08-03, Cygwin 3.1.7).
Additionally, Gnulib has a posix_spawn[p] implementation since 2022,
that works on all platforms, including native Windows. Based on it,
I recommend posix_spawn[p] over fork+exec, see
https://savannah.gnu.org/news/?id=10219 . It allows to have a single
application code for spawning subprocesses.
The GNU groff maintainer asks about the performance of posix_spawn[p]
on Cygwin. And here's the problem: While Cygwin has an implementation
that avoids the slow fork(), by calling child_info_spawn::worker more
or less directly, Gnulib prefers its own implementation over the Cygwin
one, and the Gnulib implementation uses slow fork()+exec().
The reason is that we consider posix_spawn[p] unsecure if it will
readily execute plain text files without a #! marker as if they were
shell scripts, usually leading to plenty of syntax errors, but also
exhibiting undefined behaviour.
This reasoning follows what was done in GNU libc:
https://sourceware.org/bugzilla/show_bug.cgi?id=13134
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d96de9634a334af16c0ac711074c15ac1762b23c
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=13adfa34aff03fd9f1c1612b537a0d736ddb6c2b
These are the two configure tests that Gnulib uses:
======================= test secure posix_spawn ==========================
Preparation:
echo ':' > conftest.scr
chmod a+x conftest.scr
C program:
#include <errno.h>
#include <spawn.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
int
main ()
{
const char *prog_path = "./conftest.scr";
const char *prog_argv[2] = { prog_path, NULL };
const char *environment[2] = { "PATH=.", NULL };
pid_t child;
int status;
int err = posix_spawn (&child, prog_path, NULL, NULL,
(char **) prog_argv, (char **) environment);
if (err == ENOEXEC)
return 0;
if (err != 0)
return 1;
status = 0;
while (waitpid (child, &status, 0) != child)
;
if (!WIFEXITED (status))
return 2;
if (WEXITSTATUS (status) != 127)
return 3;
return 0;
}
======================= test secure posix_spawnp =========================
Preparation:
echo ':' > conftest.scr
chmod a+x conftest.scr
C program:
#include <errno.h>
#include <spawn.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
int
main ()
{
const char *prog_path = "./conftest.scr";
const char *prog_argv[2] = { prog_path, NULL };
const char *environment[2] = { "PATH=.", NULL };
pid_t child;
int status;
int err = posix_spawnp (&child, prog_path, NULL, NULL,
(char **) prog_argv, (char **) environment);
if (err == ENOEXEC)
return 0;
if (err != 0)
return 1;
status = 0;
while (waitpid (child, &status, 0) != child)
;
if (!WIFEXITED (status))
return 2;
if (WEXITSTATUS (status) != 127)
return 3;
return 0;
}
==========================================================================
In Cygwin, the "test secure posix_spawn" recipe succeeds, whereas the
"test secure posix_spawnp" fails; the latter is the obstacle that
prevents Gnulib from using Cygwin's implementation.
Would it be possible to change Cygwin's posix_spawnp implementation,
so that both tests succeed?
Disclaimer: I have done my tests with Cygwin 2.9.0; so, if things have
improved since then, the better!
Bruno
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |