| Message ID | 20210108142209.61938-1-alx.manpages@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v4] system.3: Document bug and workaround when the command name starts with a hypen | expand |
On 1/8/21 3:22 PM, Alejandro Colomar wrote: > man-pages bug: 211029 > https://bugzilla.kernel.org/show_bug.cgi?id=211029 > > Complete workaround Maybe a bit more readable: Complete workaround example > (it was too long for the page, but it may be useful here): > > ...... > > $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; > $ cc -o system_hyphen -x c - ; > #include <stdlib.h> > > int > main(void) > { > system(" -echo Hello world!"); > exit(EXIT_SUCCESS); > } > > $ ./system_hyphen; > Hello world! > > Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> > Cc: Florian Weimer <fweimer@redhat.com> > Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> > --- > > D'oh! > > man3/system.3 | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/man3/system.3 b/man3/system.3 > index 753d46f7d..ead35ab30 100644 > --- a/man3/system.3 > +++ b/man3/system.3 > @@ -255,6 +255,26 @@ are not executed. > Such risks are especially grave when using > .BR system () > from a privileged program. > +.SH BUGS > +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) > +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) > +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) > +If the command name starts with a hyphen, > +.BR sh (1) > +interprets the command name as an option, > +and the behavior is undefined. > +(See the > +.B \-c > +option to > +.BR sh (1).) > +To work around this problem, > +prepend the command with a space as in the following call: > +.PP > +.RS 4 > +.EX > + system(" \-unfortunate\-command\-name"); > +.EE > +.RE > .SH SEE ALSO > .BR sh (1), > .BR execve (2), >
Hi Michael, Ping! And now I noticed a typo in the subject: s/hypen/hyphen/ Thanks, Alex On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote: > > > On 1/8/21 3:22 PM, Alejandro Colomar wrote: >> man-pages bug: 211029 >> https://bugzilla.kernel.org/show_bug.cgi?id=211029 >> >> Complete workaround > > Maybe a bit more readable: > Complete workaround example > > >> (it was too long for the page, but it may be useful here): >> >> ...... >> >> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; >> $ cc -o system_hyphen -x c - ; >> #include <stdlib.h> >> >> int >> main(void) >> { >> system(" -echo Hello world!"); >> exit(EXIT_SUCCESS); >> } >> >> $ ./system_hyphen; >> Hello world! >> >> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> >> Cc: Florian Weimer <fweimer@redhat.com> >> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> >> --- >> >> D'oh! >> >> man3/system.3 | 20 ++++++++++++++++++++ >> 1 file changed, 20 insertions(+) >> >> diff --git a/man3/system.3 b/man3/system.3 >> index 753d46f7d..ead35ab30 100644 >> --- a/man3/system.3 >> +++ b/man3/system.3 >> @@ -255,6 +255,26 @@ are not executed. >> Such risks are especially grave when using >> .BR system () >> from a privileged program. >> +.SH BUGS >> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) >> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) >> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) >> +If the command name starts with a hyphen, >> +.BR sh (1) >> +interprets the command name as an option, >> +and the behavior is undefined. >> +(See the >> +.B \-c >> +option to >> +.BR sh (1).) >> +To work around this problem, >> +prepend the command with a space as in the following call: >> +.PP >> +.RS 4 >> +.EX >> + system(" \-unfortunate\-command\-name"); >> +.EE >> +.RE >> .SH SEE ALSO >> .BR sh (1), >> .BR execve (2), >> >
Hi Alex, On 1/8/21 3:22 PM, Alejandro Colomar wrote: > man-pages bug: 211029 > https://bugzilla.kernel.org/show_bug.cgi?id=211029 > > Complete workaround > (it was too long for the page, but it may be useful here): > > ...... > > $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; > $ cc -o system_hyphen -x c - ; > #include <stdlib.h> > > int > main(void) > { > system(" -echo Hello world!"); > exit(EXIT_SUCCESS); > } > > $ ./system_hyphen; > Hello world! > > Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> > Cc: Florian Weimer <fweimer@redhat.com> > Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Thanks for the ping. Patch applied, but see man-pages(7) and my small fix-up in the next commit. Cheers, Michael > --- > > D'oh! > > man3/system.3 | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/man3/system.3 b/man3/system.3 > index 753d46f7d..ead35ab30 100644 > --- a/man3/system.3 > +++ b/man3/system.3 > @@ -255,6 +255,26 @@ are not executed. > Such risks are especially grave when using > .BR system () > from a privileged program. > +.SH BUGS > +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) > +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) > +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) > +If the command name starts with a hyphen, > +.BR sh (1) > +interprets the command name as an option, > +and the behavior is undefined. > +(See the > +.B \-c > +option to > +.BR sh (1).) > +To work around this problem, > +prepend the command with a space as in the following call: > +.PP > +.RS 4 > +.EX > + system(" \-unfortunate\-command\-name"); > +.EE > +.RE > .SH SEE ALSO > .BR sh (1), > .BR execve (2), >
On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote: > > > On 1/8/21 3:22 PM, Alejandro Colomar wrote: >> man-pages bug: 211029 >> https://bugzilla.kernel.org/show_bug.cgi?id=211029 >> >> Complete workaround > > Maybe a bit more readable: > Complete workaround example Changed. Thanks, Michael > > >> (it was too long for the page, but it may be useful here): >> >> ...... >> >> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; >> $ cc -o system_hyphen -x c - ; >> #include <stdlib.h> >> >> int >> main(void) >> { >> system(" -echo Hello world!"); >> exit(EXIT_SUCCESS); >> } >> >> $ ./system_hyphen; >> Hello world! >> >> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> >> Cc: Florian Weimer <fweimer@redhat.com> >> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> >> --- >> >> D'oh! >> >> man3/system.3 | 20 ++++++++++++++++++++ >> 1 file changed, 20 insertions(+) >> >> diff --git a/man3/system.3 b/man3/system.3 >> index 753d46f7d..ead35ab30 100644 >> --- a/man3/system.3 >> +++ b/man3/system.3 >> @@ -255,6 +255,26 @@ are not executed. >> Such risks are especially grave when using >> .BR system () >> from a privileged program. >> +.SH BUGS >> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) >> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) >> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) >> +If the command name starts with a hyphen, >> +.BR sh (1) >> +interprets the command name as an option, >> +and the behavior is undefined. >> +(See the >> +.B \-c >> +option to >> +.BR sh (1).) >> +To work around this problem, >> +prepend the command with a space as in the following call: >> +.PP >> +.RS 4 >> +.EX >> + system(" \-unfortunate\-command\-name"); >> +.EE >> +.RE >> .SH SEE ALSO >> .BR sh (1), >> .BR execve (2), >> >
On 1/18/21 4:28 PM, Alejandro Colomar (man-pages) wrote: > Hi Michael, > > Ping! > > And now I noticed a typo in the subject: > s/hypen/hyphen/ D'oh! I missed that. In cases like these, where there's already two amendments to the patch, perhaps better is a new complete patch, rather than a ping :-). Thanks, Michael > On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote: >> >> >> On 1/8/21 3:22 PM, Alejandro Colomar wrote: >>> man-pages bug: 211029 >>> https://bugzilla.kernel.org/show_bug.cgi?id=211029 >>> >>> Complete workaround >> >> Maybe a bit more readable: >> Complete workaround example >> >> >>> (it was too long for the page, but it may be useful here): >>> >>> ...... >>> >>> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; >>> $ cc -o system_hyphen -x c - ; >>> #include <stdlib.h> >>> >>> int >>> main(void) >>> { >>> system(" -echo Hello world!"); >>> exit(EXIT_SUCCESS); >>> } >>> >>> $ ./system_hyphen; >>> Hello world! >>> >>> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> >>> Cc: Florian Weimer <fweimer@redhat.com> >>> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> >>> --- >>> >>> D'oh! >>> >>> man3/system.3 | 20 ++++++++++++++++++++ >>> 1 file changed, 20 insertions(+) >>> >>> diff --git a/man3/system.3 b/man3/system.3 >>> index 753d46f7d..ead35ab30 100644 >>> --- a/man3/system.3 >>> +++ b/man3/system.3 >>> @@ -255,6 +255,26 @@ are not executed. >>> Such risks are especially grave when using >>> .BR system () >>> from a privileged program. >>> +.SH BUGS >>> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) >>> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) >>> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) >>> +If the command name starts with a hyphen, >>> +.BR sh (1) >>> +interprets the command name as an option, >>> +and the behavior is undefined. >>> +(See the >>> +.B \-c >>> +option to >>> +.BR sh (1).) >>> +To work around this problem, >>> +prepend the command with a space as in the following call: >>> +.PP >>> +.RS 4 >>> +.EX >>> + system(" \-unfortunate\-command\-name"); >>> +.EE >>> +.RE >>> .SH SEE ALSO >>> .BR sh (1), >>> .BR execve (2), >>> >> > >
diff --git a/man3/system.3 b/man3/system.3 index 753d46f7d..ead35ab30 100644 --- a/man3/system.3 +++ b/man3/system.3 @@ -255,6 +255,26 @@ are not executed. Such risks are especially grave when using .BR system () from a privileged program. +.SH BUGS +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029) +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143) +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440) +If the command name starts with a hyphen, +.BR sh (1) +interprets the command name as an option, +and the behavior is undefined. +(See the +.B \-c +option to +.BR sh (1).) +To work around this problem, +prepend the command with a space as in the following call: +.PP +.RS 4 +.EX + system(" \-unfortunate\-command\-name"); +.EE +.RE .SH SEE ALSO .BR sh (1), .BR execve (2),
man-pages bug: 211029 https://bugzilla.kernel.org/show_bug.cgi?id=211029 Complete workaround (it was too long for the page, but it may be useful here): ...... $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo; $ cc -o system_hyphen -x c - ; #include <stdlib.h> int main(void) { system(" -echo Hello world!"); exit(EXIT_SUCCESS); } $ ./system_hyphen; Hello world! Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com> Cc: Florian Weimer <fweimer@redhat.com> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> --- D'oh! man3/system.3 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)