diff options
| author | Joseph Hunkeler <jhunkeler@users.noreply.github.com> | 2024-08-28 13:52:00 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-28 13:52:00 -0400 |
| commit | f22a121c6667e3139f8695ff1dbcc0b33039f330 (patch) | |
| tree | ccc54eaac19a378095b5b6f02716320f70543d2e /src/system.c | |
| parent | 97a6697b9fdebda0be31bc03c4db3846d0947281 (diff) | |
| download | stasis-f22a121c6667e3139f8695ff1dbcc0b33039f330.tar.gz | |
System calls fixup (#38)
* Fix up shell() behavior
* Removes dead code after execl()
* Return the return value of execl() immediately
* Output redirection fix: if f_stderr and redirect_stderr were both set, stderr was not redirected
* Move the file handles into the child process
* Bash now executes with --norc to avoid clobbering environment variables. This mimics /bin/sh behavior.
* Fix test script environment
* shell() already provides a temporary script. Not jumping into another sub-shell should preserve help preserve the top-level environment.
* Try a different approach using declare -f
* Revert "Try a different approach using declare -f"
This reverts commit ea8ec855c3c6870d29c55afe3787afb2c05026a1.
* Revert "Fix test script environment"
This reverts commit 0a4efe972a78378eba5c5fbc6819c39b3cc6c9cb.
* Change script permissions: 0700
* Force conda reactivation in test script
* Switch to the usual environment reactivation method
Diffstat (limited to 'src/system.c')
| -rw-r--r-- | src/system.c | 41 |
1 files changed, 13 insertions, 28 deletions
diff --git a/src/system.c b/src/system.c index 526f0ec..a564769 100644 --- a/src/system.c +++ b/src/system.c @@ -3,8 +3,6 @@ int shell(struct Process *proc, char *args) { struct Process selfproc; - FILE *fp_out = NULL; - FILE *fp_err = NULL; pid_t pid; pid_t status; status = 0; @@ -32,20 +30,28 @@ int shell(struct Process *proc, char *args) { fprintf(tp, "#!/bin/bash\n%s\n", args); fflush(tp); fclose(tp); - chmod(t_name, 0755); + + // Set the script's permissions so that only the calling user can use it + // This should help prevent eavesdropping if keys are applied in plain-text + // somewhere. + chmod(t_name, 0700); pid = fork(); if (pid == -1) { fprintf(stderr, "fork failed\n"); exit(1); } else if (pid == 0) { - int retval; + FILE *fp_out = NULL; + FILE *fp_err = NULL; + if (strlen(proc->f_stdout)) { fp_out = freopen(proc->f_stdout, "w+", stdout); } if (strlen(proc->f_stderr)) { - fp_err = freopen(proc->f_stderr, "w+", stderr); + if (!proc->redirect_stderr) { + fp_err = freopen(proc->f_stderr, "w+", stderr); + } } if (proc->redirect_stderr) { @@ -56,28 +62,7 @@ int shell(struct Process *proc, char *args) { dup2(fileno(stdout), fileno(stderr)); } - retval = execl("/bin/bash", "bash", "-c", t_name, (char *) NULL); - if (!access(t_name, F_OK)) { - remove(t_name); - } - - if (strlen(proc->f_stdout)) { - if (fp_out != NULL) { - fflush(fp_out); - fclose(fp_out); - } - fflush(stdout); - fclose(stdout); - } - if (strlen(proc->f_stderr)) { - if (fp_err) { - fflush(fp_err); - fclose(fp_err); - } - fflush(stderr); - fclose(stderr); - } - return retval; + return execl("/bin/bash", "bash", "--norc", t_name, (char *) NULL); } else { if (waitpid(pid, &status, WUNTRACED) > 0) { if (WIFEXITED(status) && WEXITSTATUS(status)) { @@ -174,4 +159,4 @@ char *shell_output(const char *command, int *status) { } *status = pclose(pp); return result; -}
\ No newline at end of file +} |