guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Boostrap tar cannot exec /bin/sh


From: Danny Milosavljevic
Subject: Boostrap tar cannot exec /bin/sh
Date: Mon, 3 Oct 2016 11:07:10 +0200

Hi,

sorry to butt in but why in the world does tar require a shell?

It *shouldn't* exec sh at all.

Tar changelog mentions:

2016-04-14  Sergey Poznyakoff  <address@hidden>

        Fix argument handling when running external commands.
        * src/system.c (xexec): Use sh -c to run the command.  This fixed
        bug introduced by 7b5e80396 (tar 1.27)

xexec is:

static _Noreturn void
xexec (const char *cmd)
{
  char *argv[4];

  argv[0] = (char *) "/bin/sh";
  argv[1] = (char *) "-c";
  argv[2] = (char *) cmd;
  argv[3] = NULL;

  execv ("/bin/sh", argv);
  exec_fatal (cmd);
}

That is not safe. What if a semicolon is in cmd (or hundreds of other things)?

configure then tries to find the the command line to use and then uses 
set_use_compress_program_option to remember it as *one string*. 

A simple (and ugly) workaround for you would be:

static _Noreturn void
xexec (const char *cmd)
{
  char *argv[4];

  if (strchr(cmd, ' ') == NULL) {
    argv[0] = cmd;
    argv[1] = NULL;
  } else {
    argv[0] = (char *) "/bin/sh";
    argv[1] = (char *) "-c";
    argv[2] = (char *) cmd;
    argv[3] = NULL;
  }

  execvp (argv[0], argv);
  exec_fatal (cmd);
}

Better would be to pass an array in the first place :P

Even better would be to use tar for creating archives and xz for compression 
(in your case, in "make").

I've checked what guix environment tar will configure:

tar_cv_compressor_bzip2=bzip2
tar_cv_compressor_compress=compress
tar_cv_compressor_gzip=gzip
tar_cv_compressor_lzip=lzip
tar_cv_compressor_lzma=lzma
tar_cv_compressor_lzop=lzop
tar_cv_compressor_xz=xz



reply via email to

[Prev in Thread] Current Thread [Next in Thread]