diff options
| author | Rich Felker <dalias@aerifal.cx> | 2013-03-24 22:41:38 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2013-03-24 22:41:38 -0400 |
| commit | 9cb6e6ea120cfaf1df9016883012d22fb57d43e1 (patch) | |
| tree | 7ee2671a0a479cdfb548c06cb6f752ee25320e70 | |
| parent | 7914ce9204e907ae770fcbe59975010520fcac58 (diff) | |
| download | musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.tar.gz musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.tar.xz musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.zip | |
rewrite popen to use posix_spawn instead of fragile vfork hacks
| -rw-r--r-- | src/stdio/popen.c | 82 |
1 files changed, 41 insertions, 41 deletions
diff --git a/src/stdio/popen.c b/src/stdio/popen.c index ed20f5a1..28ff23fd 100644 --- a/src/stdio/popen.c +++ b/src/stdio/popen.c @@ -2,28 +2,23 @@ #include <unistd.h> #include <errno.h> #include <string.h> +#include <spawn.h> #include "stdio_impl.h" -#include "pthread_impl.h" #include "syscall.h" -static void dummy_0() -{ -} -weak_alias(dummy_0, __acquire_ptc); -weak_alias(dummy_0, __release_ptc); - -pid_t __vfork(void); +extern char **__environ; FILE *popen(const char *cmd, const char *mode) { - int p[2], op, i; + int p[2], op, e; pid_t pid; FILE *f; - sigset_t old; - const char *modes = "rw", *mi = strchr(modes, *mode); + posix_spawn_file_actions_t fa; - if (mi) { - op = mi-modes; + if (*mode == 'r') { + op = 0; + } else if (*mode == 'w') { + op = 1; } else { errno = EINVAL; return 0; @@ -36,38 +31,43 @@ FILE *popen(const char *cmd, const char *mode) __syscall(SYS_close, p[1]); return NULL; } + FLOCK(f); - sigprocmask(SIG_BLOCK, SIGALL_SET, &old); - - __acquire_ptc(); - pid = __vfork(); - - if (pid) { - __release_ptc(); - __syscall(SYS_close, p[1-op]); - sigprocmask(SIG_SETMASK, &old, 0); - if (pid < 0) { - fclose(f); - return 0; + /* If the child's end of the pipe happens to already be on the final + * fd number to which it will be assigned (either 0 or 1), it must + * be moved to a different fd. Otherwise, there is no safe way to + * remove the close-on-exec flag in the child without also creating + * a file descriptor leak race condition in the parent. */ + if (p[1-op] == 1-op) { + int tmp = fcntl(F_DUPFD_CLOEXEC, 1-op, 0); + if (tmp < 0) { + e = errno; + goto fail; } - f->pipe_pid = pid; - return f; + __syscall(SYS_close, p[1-op]); + p[1-op] = tmp; } - /* See notes in system.c for why this is needed. */ - for (i=1; i<=8*__SYSCALL_SSLEN; i++) { - struct sigaction sa; - __libc_sigaction(i, 0, &sa); - if (sa.sa_handler!=SIG_IGN && sa.sa_handler!=SIG_DFL) { - sa.sa_handler = SIG_DFL; - __libc_sigaction(i, &sa, 0); + e = ENOMEM; + if (!posix_spawn_file_actions_init(&fa)) { + if (!posix_spawn_file_actions_adddup2(&fa, p[1-op], 1-op)) { + if (!(e = posix_spawn(&pid, "/bin/sh", &fa, 0, + (char *[]){ "sh", "-c", (char *)cmd, 0 }, __environ))) { + posix_spawn_file_actions_destroy(&fa); + f->pipe_pid = pid; + if (!strchr(mode, 'e')) + fcntl(p[op], F_SETFD, 0); + __syscall(SYS_close, p[1-op]); + FUNLOCK(f); + return f; + } } + posix_spawn_file_actions_destroy(&fa); } - if (dup2(p[1-op], 1-op) < 0) _exit(127); - fcntl(1-op, F_SETFD, 0); - if (p[0] != 1-op) __syscall(SYS_close, p[0]); - if (p[1] != 1-op) __syscall(SYS_close, p[1]); - sigprocmask(SIG_SETMASK, &old, 0); - execl("/bin/sh", "sh", "-c", cmd, (char *)0); - _exit(127); +fail: + fclose(f); + __syscall(SYS_close, p[1-op]); + + errno = e; + return 0; } |