[Bug 259625] fexecve interacts incorrectly with interpreters

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 03 Nov 2021 10:18:49 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259625

            Bug ID: 259625
           Summary: fexecve interacts incorrectly with interpreters
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: sir@cmpwn.com

This problem seems to be reproducible in FreeBSD 13.

Given the following test program:

#include <fcntl.h>
#include <unistd.h>

extern char **environ;

int main(void) {
        int fd = open("./test.sh", O_RDONLY);
        char *argv[] = {
                "./test.sh",
                NULL
        };
        fexecve(fd, argv, environ);
}

And the following ./test.sh:

#!/bin/sh
echo hi

The result is:

/bin/sh: cannot open /dev/fd/3: No such file or directory

Mounting fdescfs on /dev/fd changes the error:

/bin/sh: cannot open /dev/fd/3: Permission denied

The results do not change with O_EXEC instead of (or in addition to) O_RDONLY.

Possibly related: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169651

It seems like this may have worked at some point, as some effort seems to have
gone into making this use-case work. The fdescfs requirement is documented in
the CAVEATS section of the execve(2) man page, but it does not seem to work
even with fdescfs. I think it would also be wise for FreeBSD to enable fdescfs
by default in order to allow programs to reliably depend on the functionality
of fexecve.

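Added example (not part of the bug report and not FreeBSD code): a pre-exec check for the interpreter case described above, where /bin/sh is handed /dev/fd/N and must open it itself. The names `is_script`, `fexecve_preflight` and the `PF_*` codes are this example's own; it assumes the descriptor was opened readable and adds a close-on-exec check, since a descriptor closed at exec cannot be reopened by the interpreter.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
extern char **environ;
/* Added example; these names are not from the bug report or from FreeBSD. */
enum preflight {
        PF_OK = 0,    /* not a script, or a script whose /dev/fd/N path opens */
        PF_BAD_FD,    /* fd invalid or not readable (e.g. opened with O_EXEC only) */
        PF_CLOEXEC,   /* close-on-exec set: fd is gone before the interpreter runs */
        PF_NO_DEVFD   /* /dev/fd/N cannot be opened; errno holds the reason */
};

/* 1 if the file starts with "#!", 0 if not, -1 on error. pread() keeps the offset. */
static int is_script(int fd) {
        char magic[2];
        ssize_t n = pread(fd, magic, sizeof magic, 0);
        return n < 0 ? -1 : (n == 2 && magic[0] == '#' && magic[1] == '!');
}

static enum preflight fexecve_preflight(int fd) {
        char path[32];
        int flags, probe, script = is_script(fd);
        if (script < 0 || (flags = fcntl(fd, F_GETFD)) < 0)
                return PF_BAD_FD;
        if (!script)
                return PF_OK;
        if (flags & FD_CLOEXEC)
                return PF_CLOEXEC;
        /* The same open the interpreter performs on the path it is handed. */
        snprintf(path, sizeof path, "/dev/fd/%d", fd);
        if ((probe = open(path, O_RDONLY)) < 0)
                return PF_NO_DEVFD;
        close(probe);
        return PF_OK;
}

int main(void) {
        char *argv[] = { "./test.sh", NULL };
        int fd = open("./test.sh", O_RDONLY);
        enum preflight pf = fexecve_preflight(fd);
        if (pf == PF_OK) {
                fexecve(fd, argv, environ);
                perror("fexecve");      /* reached only if the exec itself failed */
        } else
                fprintf(stderr, "fexecve preflight failed, code %d\n", (int)pf);
        return EXIT_FAILURE;
}
```

The probe runs before the exec, so it reports the case where /dev/fd/N does not exist; whether it also reproduces the "Permission denied" result seen with fdescfs mounted is not established by the report.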