X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5176C3858289 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1681645606; bh=uifshW7F68qRd23+/NVf3T3WPf7MdqmNDh7MdHhJmcU=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=BMb09nOI+//494tW+ZAnJFthrgGXNMivnLNw5WjI2oFg9LmXtHULYOB0B1L0OUTNW mM69gTFExyNxLYG423TEqExKj7fQEU2+HYmUw3CTzDcQlPY3nzrtS2pfr8XfyjTXi1 wKgxpUNXlx6defz3hXDcj9mjqZmRlGiYEHsTEeyw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 317D93858D1E ARC-Seal: i=1; a=rsa-sha256; t=1681645587; cv=none; d=strato.com; s=strato-dkim-0002; b=NVMnxXzQtaDj3gSf5qXX/gH4ySPOT1pN+wFQkqncSWd9qU1KBBQHInN7d8dTIRS5jN 34bzDlVSpqDGBGYd6R2MVb7eVhNBbYXt8bb/ArBCHLX37dr4lESpB8S5XjY1HYXIrWQa 8cdDhQrEJlZ7Kgre/KVzPYGySiZQ5vf31JgF1emd5tF2DeXBSgTMycptP1+V692fLfxR 4ZWSHTLVRDwXtJvs4W1ctJD8K7HIY8ehv6M38IKRKOb34Z9roIeERJ24u9XL1r6qr+hQ lSSgtmkAxrTMbQpIHXE1Hznw0eC1DDMF94LnK6Ydfd4Zj3cqICeRbfhy6jJDuj7gkVNk m5JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1681645587; s=strato-dkim-0002; d=strato.com; h=Message-ID:Date:Subject:To:From:Cc:Date:From:Subject:Sender; bh=4oaUNJZyTrjpkeWTLmt49NAIcXgOARb0BCK6fSRGy1o=; b=PEFBu0oCILvBWixzeY4q8s7FfUpuatRs9ACJH+UuG5/vOkkZLj2avDwDRU/J+MeX9h Eig/n2HbWzWxPuflHSkiimXmOpCDmxK0QeACYG5RyIf6qdE1iiiEHqa0I2feuyl7MeqO BRBl2HzyRx+97fyfTozTyjjIU7RDXefrNoxXBy/JiVx7u1rQDVKftVa0b1EeWLGptAOT 7w0TWPoOWACex5sGQxBSaCxW1RTKUuDDYqDu/amTsxNJ92BQfuFstJC6s1nIxiMZBKxa DtFDZ1MsoytXtnKmOpPneUZiyVp1w/xlVyjBKlfUrMwTjSkPyvHb3mfnkkDCD7ycNiI7 rrKg== ARC-Authentication-Results: i=1; strato.com; arc=none; dkim=none X-RZG-CLASS-ID: mo00 X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zq68+3cfpORj/S5ZbhmOq7DrkkPw86ewZAL" To: cygwin AT cygwin DOT com Subject: posix_spawn facility Date: Sun, 16 Apr 2023 13:46:27 +0200 Message-ID: <1752276.7aRn1RRit1@nimes> MIME-Version: 1.0 X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, KAM_ASCII_DIVIDERS, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , From: Bruno Haible via Cygwin Reply-To: Bruno Haible Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" Hi, AFAIU, Cygwin has a working posix_spawn[p] implementation since 2020 (commit 3fbfcd11fb09d5f47af3043ee47ec5c7d863d872, 2020-08-03, Cygwin 3.1.7). Additionally, Gnulib has a posix_spawn[p] implementation since 2022, that works on all platforms, including native Windows. Based on it, I recommend posix_spawn[p] over fork+exec, see https://savannah.gnu.org/news/?id=10219 . It allows to have a single application code for spawning subprocesses. The GNU groff maintainer asks about the performance of posix_spawn[p] on Cygwin. And here's the problem: While Cygwin has an implementation that avoids the slow fork(), by calling child_info_spawn::worker more or less directly, Gnulib prefers its own implementation over the Cygwin one, and the Gnulib implementation uses slow fork()+exec(). The reason is that we consider posix_spawn[p] unsecure if it will readily execute plain text files without a #! marker as if they were shell scripts, usually leading to plenty of syntax errors, but also exhibiting undefined behaviour. This reasoning follows what was done in GNU libc: https://sourceware.org/bugzilla/show_bug.cgi?id=13134 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d96de9634a334af16c0ac711074c15ac1762b23c https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=13adfa34aff03fd9f1c1612b537a0d736ddb6c2b These are the two configure tests that Gnulib uses: ======================= test secure posix_spawn ========================== Preparation: echo ':' > conftest.scr chmod a+x conftest.scr C program: #include #include #include #include #include int main () { const char *prog_path = "./conftest.scr"; const char *prog_argv[2] = { prog_path, NULL }; const char *environment[2] = { "PATH=.", NULL }; pid_t child; int status; int err = posix_spawn (&child, prog_path, NULL, NULL, (char **) prog_argv, (char **) environment); if (err == ENOEXEC) return 0; if (err != 0) return 1; status = 0; while (waitpid (child, &status, 0) != child) ; if (!WIFEXITED (status)) return 2; if (WEXITSTATUS (status) != 127) return 3; return 0; } ======================= test secure posix_spawnp ========================= Preparation: echo ':' > conftest.scr chmod a+x conftest.scr C program: #include #include #include #include #include int main () { const char *prog_path = "./conftest.scr"; const char *prog_argv[2] = { prog_path, NULL }; const char *environment[2] = { "PATH=.", NULL }; pid_t child; int status; int err = posix_spawnp (&child, prog_path, NULL, NULL, (char **) prog_argv, (char **) environment); if (err == ENOEXEC) return 0; if (err != 0) return 1; status = 0; while (waitpid (child, &status, 0) != child) ; if (!WIFEXITED (status)) return 2; if (WEXITSTATUS (status) != 127) return 3; return 0; } ========================================================================== In Cygwin, the "test secure posix_spawn" recipe succeeds, whereas the "test secure posix_spawnp" fails; the latter is the obstacle that prevents Gnulib from using Cygwin's implementation. Would it be possible to change Cygwin's posix_spawnp implementation, so that both tests succeed? Disclaimer: I have done my tests with Cygwin 2.9.0; so, if things have improved since then, the better! Bruno -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple