summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-03-24 22:41:38 -0400
committerRich Felker <dalias@aerifal.cx>2013-03-24 22:41:38 -0400
commit9cb6e6ea120cfaf1df9016883012d22fb57d43e1 (patch)
tree7ee2671a0a479cdfb548c06cb6f752ee25320e70 /src
parent7914ce9204e907ae770fcbe59975010520fcac58 (diff)
downloadmusl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.tar.gz
musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.tar.bz2
musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.tar.xz
musl-9cb6e6ea120cfaf1df9016883012d22fb57d43e1.zip
rewrite popen to use posix_spawn instead of fragile vfork hacks
Diffstat (limited to 'src')
-rw-r--r--src/stdio/popen.c82
1 files changed, 41 insertions, 41 deletions
diff --git a/src/stdio/popen.c b/src/stdio/popen.c
index ed20f5a1..28ff23fd 100644
--- a/src/stdio/popen.c
+++ b/src/stdio/popen.c
@@ -2,28 +2,23 @@
#include <unistd.h>
#include <errno.h>
#include <string.h>
+#include <spawn.h>
#include "stdio_impl.h"
-#include "pthread_impl.h"
#include "syscall.h"
-static void dummy_0()
-{
-}
-weak_alias(dummy_0, __acquire_ptc);
-weak_alias(dummy_0, __release_ptc);
-
-pid_t __vfork(void);
+extern char **__environ;
FILE *popen(const char *cmd, const char *mode)
{
- int p[2], op, i;
+ int p[2], op, e;
pid_t pid;
FILE *f;
- sigset_t old;
- const char *modes = "rw", *mi = strchr(modes, *mode);
+ posix_spawn_file_actions_t fa;
- if (mi) {
- op = mi-modes;
+ if (*mode == 'r') {
+ op = 0;
+ } else if (*mode == 'w') {
+ op = 1;
} else {
errno = EINVAL;
return 0;
@@ -36,38 +31,43 @@ FILE *popen(const char *cmd, const char *mode)
__syscall(SYS_close, p[1]);
return NULL;
}
+ FLOCK(f);
- sigprocmask(SIG_BLOCK, SIGALL_SET, &old);
-
- __acquire_ptc();
- pid = __vfork();
-
- if (pid) {
- __release_ptc();
- __syscall(SYS_close, p[1-op]);
- sigprocmask(SIG_SETMASK, &old, 0);
- if (pid < 0) {
- fclose(f);
- return 0;
+ /* If the child's end of the pipe happens to already be on the final
+ * fd number to which it will be assigned (either 0 or 1), it must
+ * be moved to a different fd. Otherwise, there is no safe way to
+ * remove the close-on-exec flag in the child without also creating
+ * a file descriptor leak race condition in the parent. */
+ if (p[1-op] == 1-op) {
+ int tmp = fcntl(F_DUPFD_CLOEXEC, 1-op, 0);
+ if (tmp < 0) {
+ e = errno;
+ goto fail;
}
- f->pipe_pid = pid;
- return f;
+ __syscall(SYS_close, p[1-op]);
+ p[1-op] = tmp;
}
- /* See notes in system.c for why this is needed. */
- for (i=1; i<=8*__SYSCALL_SSLEN; i++) {
- struct sigaction sa;
- __libc_sigaction(i, 0, &sa);
- if (sa.sa_handler!=SIG_IGN && sa.sa_handler!=SIG_DFL) {
- sa.sa_handler = SIG_DFL;
- __libc_sigaction(i, &sa, 0);
+ e = ENOMEM;
+ if (!posix_spawn_file_actions_init(&fa)) {
+ if (!posix_spawn_file_actions_adddup2(&fa, p[1-op], 1-op)) {
+ if (!(e = posix_spawn(&pid, "/bin/sh", &fa, 0,
+ (char *[]){ "sh", "-c", (char *)cmd, 0 }, __environ))) {
+ posix_spawn_file_actions_destroy(&fa);
+ f->pipe_pid = pid;
+ if (!strchr(mode, 'e'))
+ fcntl(p[op], F_SETFD, 0);
+ __syscall(SYS_close, p[1-op]);
+ FUNLOCK(f);
+ return f;
+ }
}
+ posix_spawn_file_actions_destroy(&fa);
}
- if (dup2(p[1-op], 1-op) < 0) _exit(127);
- fcntl(1-op, F_SETFD, 0);
- if (p[0] != 1-op) __syscall(SYS_close, p[0]);
- if (p[1] != 1-op) __syscall(SYS_close, p[1]);
- sigprocmask(SIG_SETMASK, &old, 0);
- execl("/bin/sh", "sh", "-c", cmd, (char *)0);
- _exit(127);
+fail:
+ fclose(f);
+ __syscall(SYS_close, p[1-op]);
+
+ errno = e;
+ return 0;
}