1 /* Creation of autonomous subprocesses.
2 Copyright (C) 2001-2004, 2006-2023 Free Software Foundation, Inc.
3 Written by Bruno Haible <haible@clisp.cons.org>, 2001.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>. */
17
18
19 #include <config.h>
20
21 /* Specification. */
22 #include "execute.h"
23
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <stdlib.h>
27 #include <signal.h>
28 #include <unistd.h>
29
30 #include <sys/types.h>
31 #include <sys/wait.h>
32
33 #include "canonicalize.h"
34 #include "error.h"
35 #include "fatal-signal.h"
36 #include "filename.h"
37 #include "findprog.h"
38 #include "wait-process.h"
39 #include "xalloc.h"
40 #include "gettext.h"
41
42 #define _(str) gettext (str)
43
44
45 /* Choice of implementation for native Windows.
46 - Define to 0 to use the posix_spawn facility (modules 'posix_spawn' and
47 'posix_spawnp'), that is based on the module 'windows-spawn'.
48 - Define to 1 to use the older code, that uses the module 'windows-spawn'
49 directly.
50 You can set this macro from a Makefile or at configure time, from the
51 CPPFLAGS. */
52 #ifndef EXECUTE_IMPL_AVOID_POSIX_SPAWN
53 # define EXECUTE_IMPL_AVOID_POSIX_SPAWN 0
54 #endif
55
56
57 #if (defined _WIN32 && !defined __CYGWIN__) && EXECUTE_IMPL_AVOID_POSIX_SPAWN
58
59 /* Native Windows API. */
60 # if GNULIB_MSVC_NOTHROW
61 # include "msvc-nothrow.h"
62 # else
63 # include <io.h>
64 # endif
65 # include <process.h>
66 # include "windows-spawn.h"
67
68 #else
69
70 /* Unix API. */
71 # include <spawn.h>
72
73 #endif
74
75
76 #if defined EINTR && (defined _WIN32 && !defined __CYGWIN__) && EXECUTE_IMPL_AVOID_POSIX_SPAWN
77
78 /* EINTR handling for close(), open().
79 These functions can return -1/EINTR even though we don't have any
80 signal handlers set up, namely when we get interrupted via SIGSTOP. */
81
82 static int
83 nonintr_close (int fd)
84 {
85 int retval;
86
87 do
88 retval = close (fd);
89 while (retval < 0 && errno == EINTR);
90
91 return retval;
92 }
93 #undef close /* avoid warning related to gnulib module unistd */
94 #define close nonintr_close
95
96 static int
97 nonintr_open (const char *pathname, int oflag, mode_t mode)
98 {
99 int retval;
100
101 do
102 retval = open (pathname, oflag, mode);
103 while (retval < 0 && errno == EINTR);
104
105 return retval;
106 }
107 #undef open /* avoid warning on VMS */
108 #define open nonintr_open
109
110 #endif
111
112
113 int
114 execute (const char *progname,
115 const char *prog_path, const char * const *prog_argv,
116 const char *directory,
117 bool ignore_sigpipe,
118 bool null_stdin, bool null_stdout, bool null_stderr,
119 bool slave_process, bool exit_on_error,
120 int *termsigp)
121 {
122 int saved_errno;
123 char *prog_path_to_free = NULL;
124
125 if (directory != NULL)
126 {
127 /* If a change of directory is requested, make sure PROG_PATH is absolute
128 before we do so. This is needed because
129 - posix_spawn and posix_spawnp are required to resolve a relative
130 PROG_PATH *after* changing the directory. See
131 <https://www.austingroupbugs.net/view.php?id=1208>:
132 "if this pathname does not start with a <slash> it shall be
133 interpreted relative to the working directory of the child
134 process _after_ all file_actions have been performed."
135 But this would be a surprising application behaviour, possibly
136 even security relevant.
137 - For the Windows CreateProcess() function, it is unspecified whether
138 a relative file name is interpreted to the parent's current
139 directory or to the specified directory. See
140 <https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa> */
141 if (! IS_ABSOLUTE_FILE_NAME (prog_path))
142 {
143 const char *resolved_prog =
144 find_in_given_path (prog_path, getenv ("PATH"), NULL, false);
145 if (resolved_prog == NULL)
146 goto fail_with_errno;
147 if (resolved_prog != prog_path)
148 prog_path_to_free = (char *) resolved_prog;
149 prog_path = resolved_prog;
150
151 if (! IS_ABSOLUTE_FILE_NAME (prog_path))
152 {
153 char *absolute_prog =
154 canonicalize_filename_mode (prog_path,
155 CAN_MISSING | CAN_NOLINKS);
156 if (absolute_prog == NULL)
157 {
158 free (prog_path_to_free);
159 goto fail_with_errno;
160 }
161 free (prog_path_to_free);
162 prog_path_to_free = absolute_prog;
163 prog_path = absolute_prog;
164
165 if (! IS_ABSOLUTE_FILE_NAME (prog_path))
166 abort ();
167 }
168 }
169 }
170
171 #if (defined _WIN32 && !defined __CYGWIN__) && EXECUTE_IMPL_AVOID_POSIX_SPAWN
172
173 /* Native Windows API. */
174
175 char *argv_mem_to_free;
176
177 const char **argv = prepare_spawn (prog_argv, &argv_mem_to_free);
178 if (argv == NULL)
179 xalloc_die ();
180
181 int exitcode = -1;
182
183 /* Create standard file handles of child process. */
184 int nullinfd = -1;
185 int nulloutfd = -1;
186 if ((!null_stdin
187 || (nullinfd = open ("NUL", O_RDONLY, 0)) >= 0)
188 && (!(null_stdout || null_stderr)
189 || (nulloutfd = open ("NUL", O_RDWR, 0)) >= 0))
190 /* Pass the environment explicitly. This is needed if the program has
191 modified the environment using putenv() or [un]setenv(). On Windows,
192 processes have two environments, one in the "environment block" of the
193 process and managed through SetEnvironmentVariable(), and one inside the
194 process, in the location retrieved by the 'environ' macro. If we were
195 to pass NULL, the child process would inherit a copy of the environment
196 block - ignoring the effects of putenv() and [un]setenv(). */
197 {
198 HANDLE stdin_handle =
199 (HANDLE) _get_osfhandle (null_stdin ? nullinfd : STDIN_FILENO);
200 HANDLE stdout_handle =
201 (HANDLE) _get_osfhandle (null_stdout ? nulloutfd : STDOUT_FILENO);
202 HANDLE stderr_handle =
203 (HANDLE) _get_osfhandle (null_stderr ? nulloutfd : STDERR_FILENO);
204
205 exitcode = spawnpvech (P_WAIT, prog_path, argv + 1,
206 (const char * const *) environ, directory,
207 stdin_handle, stdout_handle, stderr_handle);
208 # if 0 /* Executing arbitrary files as shell scripts is unsecure. */
209 if (exitcode == -1 && errno == ENOEXEC)
210 {
211 /* prog is not a native executable. Try to execute it as a
212 shell script. Note that prepare_spawn() has already prepended
213 a hidden element "sh.exe" to argv. */
214 argv[1] = prog_path;
215 exitcode = spawnpvech (P_WAIT, argv[0], argv,
216 (const char * const *) environ, directory,
217 stdin_handle, stdout_handle, stderr_handle);
218 }
219 # endif
220 }
221 if (exitcode == -1)
222 saved_errno = errno;
223 if (nulloutfd >= 0)
224 close (nulloutfd);
225 if (nullinfd >= 0)
226 close (nullinfd);
227 free (argv);
228 free (argv_mem_to_free);
229 free (prog_path_to_free);
230
231 /* Treat failure and signalled child processes like wait_subprocess()
232 does. */
233 if (termsigp != NULL)
234 *termsigp = 0;
235
236 if (exitcode == -1)
237 goto fail_with_saved_errno;
238
239 if (WIFSIGNALED (exitcode))
240 {
241 if (termsigp != NULL)
242 *termsigp = WTERMSIG (exitcode);
243 saved_errno = 0;
244 goto fail_with_saved_errno;
245 }
246
247 return exitcode;
248
249 #else
250
251 /* Unix API. */
252 /* Note about 127: Some errors during posix_spawnp() cause the function
253 posix_spawnp() to return an error code; some other errors cause the
254 subprocess to exit with return code 127. It is implementation
255 dependent which error is reported which way. We treat both cases as
256 equivalent. */
257 sigset_t blocked_signals;
258 posix_spawn_file_actions_t actions;
259 bool actions_allocated;
260 posix_spawnattr_t attrs;
261 bool attrs_allocated;
262 int err;
263 pid_t child;
264
265 if (slave_process)
266 {
267 sigprocmask (SIG_SETMASK, NULL, &blocked_signals);
268 block_fatal_signals ();
269 }
270 actions_allocated = false;
271 attrs_allocated = false;
272 if ((err = posix_spawn_file_actions_init (&actions)) != 0
273 || (actions_allocated = true,
274 (null_stdin
275 && (err = posix_spawn_file_actions_addopen (&actions,
276 STDIN_FILENO,
277 "/dev/null", O_RDONLY,
278 0))
279 != 0)
280 || (null_stdout
281 && (err = posix_spawn_file_actions_addopen (&actions,
282 STDOUT_FILENO,
283 "/dev/null", O_RDWR,
284 0))
285 != 0)
286 || (null_stderr
287 && (err = posix_spawn_file_actions_addopen (&actions,
288 STDERR_FILENO,
289 "/dev/null", O_RDWR,
290 0))
291 != 0)
292 || (directory != NULL
293 && (err = posix_spawn_file_actions_addchdir (&actions,
294 directory)))
295 # if !(defined _WIN32 && !defined __CYGWIN__)
296 || (slave_process
297 && ((err = posix_spawnattr_init (&attrs)) != 0
298 || (attrs_allocated = true,
299 (err = posix_spawnattr_setsigmask (&attrs,
300 &blocked_signals))
301 != 0
302 || (err = posix_spawnattr_setflags (&attrs,
303 POSIX_SPAWN_SETSIGMASK))
304 != 0)))
305 # endif
306 || (err = (directory != NULL
307 ? posix_spawn (&child, prog_path, &actions,
308 attrs_allocated ? &attrs : NULL,
309 (char * const *) prog_argv, environ)
310 : posix_spawnp (&child, prog_path, &actions,
311 attrs_allocated ? &attrs : NULL,
312 (char * const *) prog_argv, environ)))
313 != 0))
314 {
315 if (actions_allocated)
316 posix_spawn_file_actions_destroy (&actions);
317 if (attrs_allocated)
318 posix_spawnattr_destroy (&attrs);
319 if (slave_process)
320 unblock_fatal_signals ();
321 free (prog_path_to_free);
322 if (termsigp != NULL)
323 *termsigp = 0;
324 saved_errno = err;
325 goto fail_with_saved_errno;
326 }
327 posix_spawn_file_actions_destroy (&actions);
328 if (attrs_allocated)
329 posix_spawnattr_destroy (&attrs);
330 if (slave_process)
331 {
332 register_slave_subprocess (child);
333 unblock_fatal_signals ();
334 }
335 free (prog_path_to_free);
336
337 return wait_subprocess (child, progname, ignore_sigpipe, null_stderr,
338 slave_process, exit_on_error, termsigp);
339
340 #endif
341
342 fail_with_errno:
343 saved_errno = errno;
344 fail_with_saved_errno:
345 if (exit_on_error || !null_stderr)
346 error (exit_on_error ? EXIT_FAILURE : 0, saved_errno,
347 _("%s subprocess failed"), progname);
348 return 127;
349 }