From: Brandon Williams <bmwill@google.com>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: git@vger.kernel.org, gitster@pobox.com, j6t@kdbg.org,
sbeller@google.com, e@80x24.org, peff@peff.net,
Brian Hatfield <bhatfield@google.com>
Subject: Re: [PATCH v7 2/2] run-command: don't try to execute directories
Date: Tue, 25 Apr 2017 12:32:49 -0700 [thread overview]
Message-ID: <20170425193249.GD105623@google.com> (raw)
In-Reply-To: <20170425185117.GK28740@aiede.svl.corp.google.com>
On 04/25, Jonathan Nieder wrote:
> Brandon Williams wrote:
>
> > Subject: run-command: don't try to execute directories
>
> nit: this is also about non-executable files, now. That would mean
> something like
>
> run-command: don't try to execute directories or non-executable files
>
> or
>
> run-command: restrict PATH search to files we can execute
>
> [...]
> > Reported-by: Brian Hatfield <bhatfield@google.com>
> > Signed-off-by: Brandon Williams <bmwill@google.com>
> > ---
> > run-command.c | 2 +-
> > t/t0061-run-command.sh | 23 +++++++++++++++++++++++
> > 2 files changed, 24 insertions(+), 1 deletion(-)
> >
> > diff --git a/run-command.c b/run-command.c
> > index a97d7bf9f..ec08e0951 100644
> > --- a/run-command.c
> > +++ b/run-command.c
> > @@ -137,7 +137,7 @@ static char *locate_in_PATH(const char *file)
> > }
> > strbuf_addstr(&buf, file);
> >
> > - if (!access(buf.buf, F_OK))
> > + if (is_executable(buf.buf))
> > return strbuf_detach(&buf, NULL);
>
> It's probably worth a docstring for this function to explain
> that this is not a complete emulation of execvp on Windows, since
> it doesn't look for .com and .exe files.
>
>
> >
> > if (!*end)
> > diff --git a/t/t0061-run-command.sh b/t/t0061-run-command.sh
> > index 98c09dd98..fd5e43766 100755
> > --- a/t/t0061-run-command.sh
> > +++ b/t/t0061-run-command.sh
> > @@ -37,6 +37,29 @@ test_expect_success !MINGW 'run_command can run a script without a #! line' '
> > test_cmp empty err
> > '
> >
> > +test_expect_success 'run_command should not try to execute a directory' '
> > + test_when_finished "rm -rf bin1 bin2 bin3" &&
> > + mkdir -p bin1/greet bin2 bin3 &&
> > + write_script bin2/greet <<-\EOF &&
> > + cat bin2/greet
> > + EOF
> > + chmod -x bin2/greet &&
>
> This probably implies that the test needs a POSIXPERM dependency.
> Should it be a separate test_expect_success case so that the other
> part can still run on Windows?
>
> The rest looks good. Thanks for your patient work.
>
> With whatever subset of the changes described makes sense,
> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
>
> Thanks.
>
> diff --git i/run-command.c w/run-command.c
> index ec08e09518..dbbaec932e 100644
> --- i/run-command.c
> +++ w/run-command.c
> @@ -117,6 +117,21 @@ static inline void close_pair(int fd[2])
> close(fd[1]);
> }
>
> +/*
> + * Search $PATH for a command. This emulates the path search that
> + * execvp would perform, without actually executing the command so it
> + * can be used before fork() to prepare to run a command using
> + * execve() or after execvp() to diagnose why it failed.
> + *
> + * The caller should ensure that file contains no directory
> + * separators.
> + *
> + * Returns NULL if the command could not be found.
> + *
> + * This should not be used on Windows, where the $PATH search rules
> + * are more complicated (e.g., a search for "foo" should find
> + * "foo.exe").
> + */
> static char *locate_in_PATH(const char *file)
> {
> const char *p = getenv("PATH");
> diff --git i/t/t0061-run-command.sh w/t/t0061-run-command.sh
> index fd5e43766a..e48a207fae 100755
> --- i/t/t0061-run-command.sh
> +++ w/t/t0061-run-command.sh
> @@ -37,26 +37,33 @@ test_expect_success !MINGW 'run_command can run a script without a #! line' '
> test_cmp empty err
> '
>
> -test_expect_success 'run_command should not try to execute a directory' '
> +test_expect_success 'run_command does not try to execute a directory' '
> test_when_finished "rm -rf bin1 bin2" &&
> - mkdir -p bin1/greet bin2 bin3 &&
> + mkdir -p bin1/greet bin2 &&
> write_script bin2/greet <<-\EOF &&
> cat bin2/greet
> EOF
> - chmod -x bin2/greet &&
> - write_script bin3/greet <<-\EOF &&
> - cat bin3/greet
> +
> + PATH=$PWD/bin1:$PWD/bin2:$PATH \
> + test-run-command run-command greet >actual 2>err &&
> + test_cmp bin2/greet actual &&
> + test_cmp empty err
> +'
> +
> +test_expect_success POSIXPERM 'run_command passes over non-executable file' '
> + test_when_finished "rm -rf bin1 bin2" &&
> + mkdir -p bin1 bin2 &&
> + write_script bin1/greet <<-\EOF &&
> + cat bin1/greet
> + EOF
> + chmod -x bin1/greet &&
> + write_script bin2/greet <<-\EOF &&
> + cat bin2/greet
> EOF
>
> - # Test that run-command does not try to execute the "greet" directory in
> - # "bin1", or the non-executable file "greet" in "bin2", but rather
> - # correcty executes the "greet" script located in bin3.
> - (
> - PATH=$PWD/bin1:$PWD/bin2:$PWD/bin3:$PATH &&
> - export PATH &&
> - test-run-command run-command greet >actual 2>err
> - ) &&
> - test_cmp bin3/greet actual &&
> + PATH=$PWD/bin1:$PWD/bin2:$PATH \
> + test-run-command run-command greet >actual 2>err &&
> + test_cmp bin2/greet actual &&
> test_cmp empty err
> '
>
Yeah the POSIXPERM is going to be necessary. I'll roll in some of these
changes when I do a reroll.
--
Brandon Williams
next prev parent reply other threads:[~2017-04-25 19:32 UTC|newest]
Thread overview: 140+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-10 23:49 [PATCH 0/5] forking and threading Brandon Williams
2017-04-10 23:49 ` [PATCH 1/5] run-command: convert sane_execvp to sane_execvpe Brandon Williams
2017-04-12 19:22 ` Brandon Williams
2017-04-10 23:49 ` [PATCH 2/5] run-command: prepare argv before forking Brandon Williams
2017-04-10 23:49 ` [PATCH 3/5] run-command: allocate child_err " Brandon Williams
2017-04-10 23:49 ` [PATCH 4/5] run-command: prepare child environment " Brandon Williams
2017-04-11 0:58 ` Jonathan Nieder
2017-04-11 17:27 ` Brandon Williams
2017-04-11 17:30 ` Jonathan Nieder
2017-04-10 23:49 ` [PATCH 5/5] run-command: add note about forking and threading Brandon Williams
2017-04-11 0:26 ` Jonathan Nieder
2017-04-11 0:53 ` Eric Wong
2017-04-11 17:33 ` Jonathan Nieder
2017-04-11 17:34 ` Brandon Williams
2017-04-11 17:40 ` Eric Wong
2017-04-11 7:05 ` [PATCH 6/5] run-command: avoid potential dangers in forked child Eric Wong
2017-04-11 16:29 ` Brandon Williams
2017-04-11 16:59 ` Eric Wong
2017-04-11 17:17 ` Brandon Williams
2017-04-11 17:37 ` [PATCH 0/5] forking and threading Jonathan Nieder
2017-04-11 17:54 ` Brandon Williams
2017-04-13 18:32 ` [PATCH v2 0/6] " Brandon Williams
2017-04-13 18:32 ` [PATCH v2 1/6] t5550: use write_script to generate post-update hook Brandon Williams
2017-04-13 20:43 ` Jonathan Nieder
2017-04-13 20:59 ` Eric Wong
2017-04-13 21:35 ` Brandon Williams
2017-04-13 21:39 ` Eric Wong
2017-04-13 18:32 ` [PATCH v2 2/6] run-command: prepare command before forking Brandon Williams
2017-04-13 21:14 ` Jonathan Nieder
2017-04-13 22:41 ` Brandon Williams
2017-04-13 18:32 ` [PATCH v2 3/6] run-command: prepare child environment " Brandon Williams
2017-04-13 18:32 ` [PATCH v2 4/6] run-command: don't die in child when duping /dev/null Brandon Williams
2017-04-13 19:29 ` Eric Wong
2017-04-13 19:43 ` Brandon Williams
2017-04-13 18:32 ` [PATCH v2 5/6] run-command: eliminate calls to error handling functions in child Brandon Williams
2017-04-13 18:32 ` [PATCH v2 6/6] run-command: add note about forking and threading Brandon Williams
2017-04-13 20:50 ` [PATCH v2 0/6] " Jonathan Nieder
2017-04-13 23:44 ` Brandon Williams
2017-04-13 21:14 ` [PATCH 7/6] run-command: block signals between fork and execve Eric Wong
2017-04-13 23:37 ` Brandon Williams
2017-04-14 2:42 ` Brandon Williams
2017-04-14 5:26 ` Eric Wong
2017-04-14 5:35 ` Eric Wong
2017-04-14 16:58 ` [PATCH v3 00/10] forking and threading Brandon Williams
2017-04-14 16:58 ` [PATCH v3 01/10] t5550: use write_script to generate post-update hook Brandon Williams
2017-04-14 16:58 ` [PATCH v3 02/10] t0061: run_command executes scripts without a #! line Brandon Williams
2017-04-14 16:58 ` [PATCH v3 03/10] run-command: prepare command before forking Brandon Williams
2017-04-14 16:58 ` [PATCH v3 04/10] run-command: use the async-signal-safe execv instead of execvp Brandon Williams
2017-04-14 16:58 ` [PATCH v3 05/10] run-command: prepare child environment before forking Brandon Williams
2017-04-14 16:58 ` [PATCH v3 06/10] run-command: don't die in child when duping /dev/null Brandon Williams
2017-04-14 19:38 ` Eric Wong
2017-04-14 20:19 ` Brandon Williams
2017-04-14 16:58 ` [PATCH v3 07/10] run-command: eliminate calls to error handling functions in child Brandon Williams
2017-04-14 18:50 ` Eric Wong
2017-04-14 20:22 ` Brandon Williams
2017-04-14 16:59 ` [PATCH v3 08/10] run-command: handle dup2 and close errors " Brandon Williams
2017-04-14 16:59 ` [PATCH v3 09/10] run-command: add note about forking and threading Brandon Williams
2017-04-14 16:59 ` [PATCH v3 10/10] run-command: block signals between fork and execve Brandon Williams
2017-04-14 20:24 ` Brandon Williams
2017-04-14 21:35 ` Eric Wong
2017-04-17 22:08 ` [PATCH v4 00/10] forking and threading Brandon Williams
2017-04-17 22:08 ` [PATCH v4 01/10] t5550: use write_script to generate post-update hook Brandon Williams
2017-04-17 22:08 ` [PATCH v4 02/10] t0061: run_command executes scripts without a #! line Brandon Williams
2017-04-17 22:08 ` [PATCH v4 03/10] run-command: prepare command before forking Brandon Williams
2017-04-17 22:08 ` [PATCH v4 04/10] run-command: use the async-signal-safe execv instead of execvp Brandon Williams
2017-04-17 22:08 ` [PATCH v4 05/10] run-command: prepare child environment before forking Brandon Williams
2017-04-18 0:26 ` Eric Wong
2017-04-18 21:02 ` Brandon Williams
2017-04-17 22:08 ` [PATCH v4 06/10] run-command: don't die in child when duping /dev/null Brandon Williams
2017-04-17 22:08 ` [PATCH v4 07/10] run-command: eliminate calls to error handling functions in child Brandon Williams
2017-04-17 22:08 ` [PATCH v4 08/10] run-command: handle dup2 and close errors " Brandon Williams
2017-04-17 22:08 ` [PATCH v4 09/10] run-command: add note about forking and threading Brandon Williams
2017-04-17 22:08 ` [PATCH v4 10/10] run-command: block signals between fork and execve Brandon Williams
2017-04-18 23:17 ` [PATCH v5 00/11] forking and threading Brandon Williams
2017-04-18 23:17 ` [PATCH v5 01/11] t5550: use write_script to generate post-update hook Brandon Williams
2017-04-18 23:17 ` [PATCH v5 02/11] t0061: run_command executes scripts without a #! line Brandon Williams
2017-04-19 5:43 ` Johannes Sixt
2017-04-19 6:21 ` Johannes Sixt
2017-04-19 15:56 ` Brandon Williams
2017-04-19 18:18 ` Johannes Sixt
2017-04-20 10:47 ` Johannes Schindelin
2017-04-20 17:02 ` Brandon Williams
2017-04-20 20:24 ` Johannes Schindelin
2017-04-20 20:49 ` Brandon Williams
2017-04-18 23:17 ` [PATCH v5 03/11] run-command: prepare command before forking Brandon Williams
2017-04-18 23:17 ` [PATCH v5 04/11] run-command: use the async-signal-safe execv instead of execvp Brandon Williams
2017-04-18 23:17 ` [PATCH v5 05/11] string-list: add string_list_remove function Brandon Williams
2017-04-18 23:31 ` Stefan Beller
2017-04-18 23:36 ` Brandon Williams
2017-04-18 23:40 ` Stefan Beller
2017-04-18 23:18 ` [PATCH v5 06/11] run-command: prepare child environment before forking Brandon Williams
2017-04-18 23:18 ` [PATCH v5 07/11] run-command: don't die in child when duping /dev/null Brandon Williams
2017-04-18 23:18 ` [PATCH v5 08/11] run-command: eliminate calls to error handling functions in child Brandon Williams
2017-04-18 23:18 ` [PATCH v5 09/11] run-command: handle dup2 and close errors " Brandon Williams
2017-04-18 23:18 ` [PATCH v5 10/11] run-command: add note about forking and threading Brandon Williams
2017-04-18 23:18 ` [PATCH v5 11/11] run-command: block signals between fork and execve Brandon Williams
2017-04-19 6:00 ` Johannes Sixt
2017-04-19 7:48 ` Eric Wong
2017-04-19 16:10 ` Brandon Williams
2017-04-19 23:13 ` [PATCH v6 00/11] forking and threading Brandon Williams
2017-04-19 23:13 ` [PATCH v6 01/11] t5550: use write_script to generate post-update hook Brandon Williams
2017-04-19 23:13 ` [PATCH v6 02/11] t0061: run_command executes scripts without a #! line Brandon Williams
2017-04-20 10:49 ` Johannes Schindelin
2017-04-20 16:58 ` Brandon Williams
2017-04-19 23:13 ` [PATCH v6 03/11] run-command: prepare command before forking Brandon Williams
2017-04-19 23:13 ` [PATCH v6 04/11] run-command: use the async-signal-safe execv instead of execvp Brandon Williams
2017-05-17 2:15 ` Junio C Hamano
2017-05-17 2:26 ` Jeff King
2017-05-17 2:28 ` Jeff King
2017-05-17 3:41 ` Junio C Hamano
2017-05-17 14:52 ` Brandon Williams
2017-04-19 23:13 ` [PATCH v6 05/11] string-list: add string_list_remove function Brandon Williams
2017-04-19 23:13 ` [PATCH v6 06/11] run-command: prepare child environment before forking Brandon Williams
2017-04-19 23:13 ` [PATCH v6 07/11] run-command: don't die in child when duping /dev/null Brandon Williams
2017-04-19 23:13 ` [PATCH v6 08/11] run-command: eliminate calls to error handling functions in child Brandon Williams
2017-04-19 23:13 ` [PATCH v6 09/11] run-command: handle dup2 and close errors " Brandon Williams
2017-04-19 23:13 ` [PATCH v6 10/11] run-command: add note about forking and threading Brandon Williams
2017-04-19 23:13 ` [PATCH v6 11/11] run-command: block signals between fork and execve Brandon Williams
2017-04-24 22:37 ` [PATCH v6 00/11] forking and threading Brandon Williams
2017-04-24 23:50 ` [PATCH v6 12/11] run-command: don't try to execute directories Brandon Williams
2017-04-25 0:17 ` Jonathan Nieder
2017-04-25 1:58 ` Junio C Hamano
2017-04-25 2:51 ` Jonathan Nieder
2017-04-25 2:56 ` Jeff King
2017-04-25 1:47 ` Junio C Hamano
2017-04-25 2:57 ` Jonathan Nieder
2017-04-25 17:54 ` [PATCH v7 1/2] exec_cmd: expose is_executable function Brandon Williams
2017-04-25 17:54 ` [PATCH v7 2/2] run-command: don't try to execute directories Brandon Williams
2017-04-25 18:51 ` Jonathan Nieder
2017-04-25 19:32 ` Brandon Williams [this message]
2017-04-25 18:04 ` [PATCH v7 1/2] exec_cmd: expose is_executable function Jonathan Nieder
2017-04-25 18:18 ` Johannes Sixt
2017-04-25 18:38 ` Brandon Williams
2017-04-25 23:46 ` [PATCH v8 1/2] run-command: " Brandon Williams
2017-04-25 23:47 ` [PATCH v8 2/2] run-command: restrict PATH search to executable files Brandon Williams
2017-04-25 23:50 ` Jonathan Nieder
2017-04-26 1:44 ` Junio C Hamano
2017-04-26 17:10 ` [PATCH v9 " Brandon Williams
2017-04-27 0:33 ` Junio C Hamano
2017-04-25 23:48 ` [PATCH v8 1/2] run-command: expose is_executable function Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170425193249.GD105623@google.com \
--to=bmwill@google.com \
--cc=bhatfield@google.com \
--cc=e@80x24.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=j6t@kdbg.org \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).