From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.0 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,MAILING_LIST_MULTI,NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 22191 invoked from network); 4 May 2023 19:14:40 -0000
Received: from second.openwall.net (193.110.157.125)
  by inbox.vuxu.org with ESMTPUTF8; 4 May 2023 19:14:40 -0000
Received: (qmail 18342 invoked by uid 550); 4 May 2023 19:13:52 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 18258 invoked from network); 4 May 2023 19:13:51 -0000
Resent-From: Rich Felker <dalias@libc.org>
Resent-Date: Thu, 4 May 2023 15:13:39 -0400
Resent-Message-ID: <20230504191339.GN3298@brightrain.aerifal.cx>
Resent-To: musl@lists.openwall.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1683226386; x=1685818386;
        h=content-transfer-encoding:in-reply-to:disposition-notification-to
         :from:references:to:content-language:subject:user-agent:mime-version
         :date:message-id:from:to:cc:subject:date:message-id:reply-to;
        bh=Hboz27YzgHFyKxnBEDA6etGVnCwQZNVCEHF/iiAyRu0=;
        b=dZVExgAOIcxGWpA8ou6XeLTob6zZP3EyP9bnl+sXkBWT40GMGoQZQ01Jb//XRQKDt6
         4ua+fqEl3WaUYSKyZs1Oufa3yUwQS+elJp2UZWO/obJknGqUY+1k91mO5frnsXAnL5Iy
         e39dIaKz0Ns0+mSELsiuxIwUamI/ACj0vDLgbVo8NX0eU+cauDnuSvo8biqe+Z5rYgBv
         xlOktXLuWRdNuUQABhlzeh7pCjNoZP8osIcUFPu/xai320LOR5cCfYRabpcq/UWkz43V
         UdfbgCI2zFh0QArt6N9Tfyb6af5XI9x82/OiPQwhvF77/pW49GFaHJqGGkjNjdlwrHMx
         fC2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683226386; x=1685818386;
        h=content-transfer-encoding:in-reply-to:disposition-notification-to
         :from:references:to:content-language:subject:user-agent:mime-version
         :date:message-id:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Hboz27YzgHFyKxnBEDA6etGVnCwQZNVCEHF/iiAyRu0=;
        b=S9+nOaxkc7e2jRDaC8hMSDoE/Hes1f/FcXloOA5SNU7/8olMRZGWHwUMZATguzFx/h
         Nj4TsLtSMKEty0KFG3sKyTL4IwIdi26GD9wW5Ja0ueOs3btU25liCjquWKcMBw3FBm+M
         /PluOXybNDEvYuqo7hLvRi2ZQA3giyNSjQSr1FYr+TByoUoBPfgygPRRvjfEeX2h29o0
         WWD4SRZvYg8z8qL+4p2VvKKmZJEGZv6RdDeu/yai5q5LLvveOCGIwi7wYhUhLpgDtHQl
         mvCnbpRyB9pDPvAzuzt9DTR4lYS8bJ81SmOYFs+mjSQ/RBRSep9IXB+fncO+wVE42yB2
         A2YQ==
X-Gm-Message-State: AC+VfDzw0xoQqRrlMxy18qIaYKpUZowGhLNIFUnvRtUm3N7HQM9IE3VY
	TjVEIo5uKDPx+B+Guq2/RSOTXo83Q4E=
X-Google-Smtp-Source: ACHHUZ7i9pTKd6CrauXbO9a8dH2WNfsWu0WPH9TQvOEnn6n/wE/+k69iZu0WYTa1IGqa6jot56GdSw==
X-Received: by 2002:aa7:d5c3:0:b0:50b:c380:a929 with SMTP id d3-20020aa7d5c3000000b0050bc380a929mr2739727eds.10.1683226386151;
        Thu, 04 May 2023 11:53:06 -0700 (PDT)
Message-ID: <c07133c5-3e2f-c5ed-e2d6-033863ca68c8@gmail.com>
Date: Thu, 4 May 2023 20:53:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.0
Content-Language: en-US
To: Rich Felker <dalias@libc.org>
Cc: musl@lists.openwall.com
References: <ZFPeVxdqNroBcFeB@voyager>
 <20230504175208.GF4163@brightrain.aerifal.cx>
From: Petr Skocik <pskocik@gmail.com>
In-Reply-To: <20230504175208.GF4163@brightrain.aerifal.cx>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [musl] Namespace violation in system()?

On 5/4/23 19:52, Rich Felker wrote:
> On Thu, May 04, 2023 at 06:33:27PM +0200, Markus Wichmann wrote:
>> Hi all,
>>
>> I stumbled upon the source code of system() today. It is this at the
>> moment:
>>
>> |int system(const char *cmd)
>> |{
>> |	pid_t pid;
>> |	sigset_t old, reset;
>> |	struct sigaction sa = { .sa_handler = SIG_IGN }, oldint, oldquit;
>> |	int status = -1, ret;
>> |	posix_spawnattr_t attr;
>> |
>> |	pthread_testcancel();
>> |
>> |	if (!cmd) return 1;
>> |
>> |	sigaction(SIGINT, &sa, &oldint);
>> |	sigaction(SIGQUIT, &sa, &oldquit);
>> |	sigaddset(&sa.sa_mask, SIGCHLD);
>> |	sigprocmask(SIG_BLOCK, &sa.sa_mask, &old);
>> |
>> |	sigemptyset(&reset);
>> |	if (oldint.sa_handler != SIG_IGN) sigaddset(&reset, SIGINT);
>> |	if (oldquit.sa_handler != SIG_IGN) sigaddset(&reset, SIGQUIT);
>> |	posix_spawnattr_init(&attr);
>> |	posix_spawnattr_setsigmask(&attr, &old);
>> |	posix_spawnattr_setsigdefault(&attr, &reset);
>> |	posix_spawnattr_setflags(&attr, POSIX_SPAWN_SETSIGDEF|POSIX_SPAWN_SETSIGMASK);
>> |	ret = posix_spawn(&pid, "/bin/sh", 0, &attr,
>> |		(char *[]){"sh", "-c", (char *)cmd, 0}, __environ);
>> |	posix_spawnattr_destroy(&attr);
>> |
>> |	if (!ret) while (waitpid(pid, &status, 0)<0 && errno == EINTR);
>> |	sigaction(SIGINT, &oldint, NULL);
>> |	sigaction(SIGQUIT, &oldquit, NULL);
>> |	sigprocmask(SIG_SETMASK, &old, NULL);
>> |
>> |	if (ret) errno = ret;
>> |	return status;
>> |}
>>
>> Aren't all of those calls namespace violations? system() is an ISO-C
>> function, so the only symbols it is allowed to pull into the link are
>> other ISO-C functions or hidden double-underscore symbols, right? But
>> all the functions called here POSIX functions. And while POSIX contains
>> the rule that posix_* functions are reserved, that is in POSIX, not
>> ISO-C. And even with that rule, there are all the other calls.
>>
>> Does someone need to pour out a bucket of underscores over this
>> function?
> The behavior of system() is implementation-defined, so we define it as
> calling those functions. :-)
>
> Rich

Hi. I think Markus Wichmann makes a valid point.

Unless it's valid behavior for

#include <stdio.h>
#include <stdlib.h>
void sigprocmask(void){
     puts("Hi, I'm a user-defined sigprocmask");
     system("echo hello world");
}
int main(void){ sigprocmask(); }

to keep outputting "Hi, I'm a user-defined sigprocmask" until it crashes 
from stack overflow (musl-gcc -static).

Cheers, Petr Skocik