[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Boostrap tar cannot exec /bin/sh
From: |
Danny Milosavljevic |
Subject: |
Boostrap tar cannot exec /bin/sh |
Date: |
Mon, 3 Oct 2016 11:07:10 +0200 |
Hi,
sorry to butt in but why in the world does tar require a shell?
It *shouldn't* exec sh at all.
Tar changelog mentions:
2016-04-14 Sergey Poznyakoff <address@hidden>
Fix argument handling when running external commands.
* src/system.c (xexec): Use sh -c to run the command. This fixed
bug introduced by 7b5e80396 (tar 1.27)
xexec is:
static _Noreturn void
xexec (const char *cmd)
{
char *argv[4];
argv[0] = (char *) "/bin/sh";
argv[1] = (char *) "-c";
argv[2] = (char *) cmd;
argv[3] = NULL;
execv ("/bin/sh", argv);
exec_fatal (cmd);
}
That is not safe. What if a semicolon is in cmd (or hundreds of other things)?
configure then tries to find the the command line to use and then uses
set_use_compress_program_option to remember it as *one string*.
A simple (and ugly) workaround for you would be:
static _Noreturn void
xexec (const char *cmd)
{
char *argv[4];
if (strchr(cmd, ' ') == NULL) {
argv[0] = cmd;
argv[1] = NULL;
} else {
argv[0] = (char *) "/bin/sh";
argv[1] = (char *) "-c";
argv[2] = (char *) cmd;
argv[3] = NULL;
}
execvp (argv[0], argv);
exec_fatal (cmd);
}
Better would be to pass an array in the first place :P
Even better would be to use tar for creating archives and xz for compression
(in your case, in "make").
I've checked what guix environment tar will configure:
tar_cv_compressor_bzip2=bzip2
tar_cv_compressor_compress=compress
tar_cv_compressor_gzip=gzip
tar_cv_compressor_lzip=lzip
tar_cv_compressor_lzma=lzma
tar_cv_compressor_lzop=lzop
tar_cv_compressor_xz=xz