From f22a121c6667e3139f8695ff1dbcc0b33039f330 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@users.noreply.github.com>
Date: Wed, 28 Aug 2024 13:52:00 -0400
Subject: System calls fixup (#38)

* Fix up shell() behavior

* Removes dead code after execl()
* Return the return value of execl() immediately
* Output redirection fix: if f_stderr and redirect_stderr were both set, stderr was not redirected
* Move the file handles into the child process
* Bash now executes with --norc to avoid clobbering environment variables. This mimics /bin/sh behavior.

* Fix test script environment

* shell() already provides a temporary script. Not jumping into another sub-shell should preserve help preserve the top-level environment.

* Try a different approach using declare -f

* Revert "Try a different approach using declare -f"

This reverts commit ea8ec855c3c6870d29c55afe3787afb2c05026a1.

* Revert "Fix test script environment"

This reverts commit 0a4efe972a78378eba5c5fbc6819c39b3cc6c9cb.

* Change script permissions: 0700

* Force conda reactivation in test script

* Switch to the usual environment reactivation method
---
 src/system.c | 41 +++++++++++++----------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)

(limited to 'src/system.c')

diff --git a/src/system.c b/src/system.c
index 526f0ec..a564769 100644
--- a/src/system.c
+++ b/src/system.c
@@ -3,8 +3,6 @@
 
 int shell(struct Process *proc, char *args) {
     struct Process selfproc;
-    FILE *fp_out = NULL;
-    FILE *fp_err = NULL;
     pid_t pid;
     pid_t status;
     status = 0;
@@ -32,20 +30,28 @@ int shell(struct Process *proc, char *args) {
     fprintf(tp, "#!/bin/bash\n%s\n", args);
     fflush(tp);
     fclose(tp);
-    chmod(t_name, 0755);
+
+    // Set the script's permissions so that only the calling user can use it
+    // This should help prevent eavesdropping if keys are applied in plain-text
+    // somewhere.
+    chmod(t_name, 0700);
 
     pid = fork();
     if (pid == -1) {
         fprintf(stderr, "fork failed\n");
         exit(1);
     } else if (pid == 0) {
-        int retval;
+        FILE *fp_out = NULL;
+        FILE *fp_err = NULL;
+
         if (strlen(proc->f_stdout)) {
             fp_out = freopen(proc->f_stdout, "w+", stdout);
         }
 
         if (strlen(proc->f_stderr)) {
-            fp_err = freopen(proc->f_stderr, "w+", stderr);
+            if (!proc->redirect_stderr) {
+                fp_err = freopen(proc->f_stderr, "w+", stderr);
+            }
         }
 
         if (proc->redirect_stderr) {
@@ -56,28 +62,7 @@ int shell(struct Process *proc, char *args) {
             dup2(fileno(stdout), fileno(stderr));
         }
 
-        retval = execl("/bin/bash", "bash", "-c", t_name, (char *) NULL);
-        if (!access(t_name, F_OK)) {
-            remove(t_name);
-        }
-
-        if (strlen(proc->f_stdout)) {
-            if (fp_out != NULL) {
-                fflush(fp_out);
-                fclose(fp_out);
-            }
-            fflush(stdout);
-            fclose(stdout);
-        }
-        if (strlen(proc->f_stderr)) {
-            if (fp_err) {
-                fflush(fp_err);
-                fclose(fp_err);
-            }
-            fflush(stderr);
-            fclose(stderr);
-        }
-        return retval;
+        return execl("/bin/bash", "bash", "--norc", t_name, (char *) NULL);
     } else {
         if (waitpid(pid, &status, WUNTRACED) > 0) {
             if (WIFEXITED(status) && WEXITSTATUS(status)) {
@@ -174,4 +159,4 @@ char *shell_output(const char *command, int *status) {
     }
     *status = pclose(pp);
     return result;
-}
\ No newline at end of file
+}
-- 
cgit