[v4] system.3: Document bug and workaround when the command name starts with a hypen

Message ID 20210108142209.61938-1-alx.manpages@gmail.com
State Not applicable

Commit Message

Alejandro Colomar Jan. 8, 2021, 2:22 p.m. UTC
  man-pages bug: 211029
 https://bugzilla.kernel.org/show_bug.cgi?id=211029

Complete workaround
(it was too long for the page, but it may be useful here):

......

$ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
$ cc -o system_hyphen -x c - ;
#include <stdlib.h>

int
main(void)
{
    system(" -echo Hello world!");
    exit(EXIT_SUCCESS);
}

$ ./system_hyphen;
Hello world!

Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
---

D'oh!

 man3/system.3 | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
  

Comments

Alejandro Colomar Jan. 8, 2021, 2:28 p.m. UTC | #1
On 1/8/21 3:22 PM, Alejandro Colomar wrote:
> man-pages bug: 211029
>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
> 
> Complete workaround

Maybe a bit more readable:
Complete workaround example


> (it was too long for the page, but it may be useful here):
> 
> ......
> 
> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
> $ cc -o system_hyphen -x c - ;
> #include <stdlib.h>
> 
> int
> main(void)
> {
>     system(" -echo Hello world!");
>     exit(EXIT_SUCCESS);
> }
> 
> $ ./system_hyphen;
> Hello world!
> 
> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
> Cc: Florian Weimer <fweimer@redhat.com>
> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
> ---
> 
> D'oh!
> 
>  man3/system.3 | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 
> diff --git a/man3/system.3 b/man3/system.3
> index 753d46f7d..ead35ab30 100644
> --- a/man3/system.3
> +++ b/man3/system.3
> @@ -255,6 +255,26 @@ are not executed.
>  Such risks are especially grave when using
>  .BR system ()
>  from a privileged program.
> +.SH BUGS
> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
> +If the command name starts with a hyphen,
> +.BR sh (1)
> +interprets the command name as an option,
> +and the behavior is undefined.
> +(See the
> +.B \-c
> +option to
> +.BR sh (1).)
> +To work around this problem,
> +prepend the command with a space as in the following call:
> +.PP
> +.RS 4
> +.EX
> +    system(" \-unfortunate\-command\-name");
> +.EE
> +.RE
>  .SH SEE ALSO
>  .BR sh (1),
>  .BR execve (2),
>
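
Review bot: The new BUGS paragraph gives the workaround at "prepend the command with a space" without saying why it helps, so a reader cannot tell whether other leading characters or quoting would do as well. A short clause stating that the string passed to the `\-c` option of sh(1) then no longer begins with a hyphen would close that gap. "Prepend the command with a space" would also read better as "prepend a space to the command".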
  
Alejandro Colomar Jan. 18, 2021, 3:28 p.m. UTC | #2
Hi Michael,

Ping!

And now I noticed a typo in the subject:
s/hypen/hyphen/

Thanks,

Alex

On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote:
> 
> 
> On 1/8/21 3:22 PM, Alejandro Colomar wrote:
>> man-pages bug: 211029
>>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
>>
>> Complete workaround
> 
> Maybe a bit more readable:
> Complete workaround example
> 
> 
>> (it was too long for the page, but it may be useful here):
>>
>> ......
>>
>> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
>> $ cc -o system_hyphen -x c - ;
>> #include <stdlib.h>
>>
>> int
>> main(void)
>> {
>>     system(" -echo Hello world!");
>>     exit(EXIT_SUCCESS);
>> }
>>
>> $ ./system_hyphen;
>> Hello world!
>>
>> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
>> Cc: Florian Weimer <fweimer@redhat.com>
>> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
>> ---
>>
>> D'oh!
>>
>>  man3/system.3 | 20 ++++++++++++++++++++
>>  1 file changed, 20 insertions(+)
>>
>> diff --git a/man3/system.3 b/man3/system.3
>> index 753d46f7d..ead35ab30 100644
>> --- a/man3/system.3
>> +++ b/man3/system.3
>> @@ -255,6 +255,26 @@ are not executed.
>>  Such risks are especially grave when using
>>  .BR system ()
>>  from a privileged program.
>> +.SH BUGS
>> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
>> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
>> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
>> +If the command name starts with a hyphen,
>> +.BR sh (1)
>> +interprets the command name as an option,
>> +and the behavior is undefined.
>> +(See the
>> +.B \-c
>> +option to
>> +.BR sh (1).)
>> +To work around this problem,
>> +prepend the command with a space as in the following call:
>> +.PP
>> +.RS 4
>> +.EX
>> +    system(" \-unfortunate\-command\-name");
>> +.EE
>> +.RE
>>  .SH SEE ALSO
>>  .BR sh (1),
>>  .BR execve (2),
>>
>
  
Michael Kerrisk (man-pages) Jan. 18, 2021, 3:35 p.m. UTC | #3
Hi Alex,

On 1/8/21 3:22 PM, Alejandro Colomar wrote:
> man-pages bug: 211029
>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
> 
> Complete workaround
> (it was too long for the page, but it may be useful here):
> 
> ......
> 
> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
> $ cc -o system_hyphen -x c - ;
> #include <stdlib.h>
> 
> int
> main(void)
> {
>     system(" -echo Hello world!");
>     exit(EXIT_SUCCESS);
> }
> 
> $ ./system_hyphen;
> Hello world!
> 
> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
> Cc: Florian Weimer <fweimer@redhat.com>
> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>

Thanks for the ping. Patch applied, but see man-pages(7)
and my small fix-up in the next commit.

Cheers,

Michael

> ---
> 
> D'oh!
> 
>  man3/system.3 | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 
> diff --git a/man3/system.3 b/man3/system.3
> index 753d46f7d..ead35ab30 100644
> --- a/man3/system.3
> +++ b/man3/system.3
> @@ -255,6 +255,26 @@ are not executed.
>  Such risks are especially grave when using
>  .BR system ()
>  from a privileged program.
> +.SH BUGS
> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
> +If the command name starts with a hyphen,
> +.BR sh (1)
> +interprets the command name as an option,
> +and the behavior is undefined.
> +(See the
> +.B \-c
> +option to
> +.BR sh (1).)
> +To work around this problem,
> +prepend the command with a space as in the following call:
> +.PP
> +.RS 4
> +.EX
> +    system(" \-unfortunate\-command\-name");
> +.EE
> +.RE
>  .SH SEE ALSO
>  .BR sh (1),
>  .BR execve (2),
>
  
Michael Kerrisk (man-pages) Jan. 18, 2021, 3:36 p.m. UTC | #4
On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote:
> 
> 
> On 1/8/21 3:22 PM, Alejandro Colomar wrote:
>> man-pages bug: 211029
>>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
>>
>> Complete workaround
> 
> Maybe a bit more readable:
> Complete workaround example

Changed.

Thanks,

Michael

> 
> 
>> (it was too long for the page, but it may be useful here):
>>
>> ......
>>
>> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
>> $ cc -o system_hyphen -x c - ;
>> #include <stdlib.h>
>>
>> int
>> main(void)
>> {
>>     system(" -echo Hello world!");
>>     exit(EXIT_SUCCESS);
>> }
>>
>> $ ./system_hyphen;
>> Hello world!
>>
>> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
>> Cc: Florian Weimer <fweimer@redhat.com>
>> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
>> ---
>>
>> D'oh!
>>
>>  man3/system.3 | 20 ++++++++++++++++++++
>>  1 file changed, 20 insertions(+)
>>
>> diff --git a/man3/system.3 b/man3/system.3
>> index 753d46f7d..ead35ab30 100644
>> --- a/man3/system.3
>> +++ b/man3/system.3
>> @@ -255,6 +255,26 @@ are not executed.
>>  Such risks are especially grave when using
>>  .BR system ()
>>  from a privileged program.
>> +.SH BUGS
>> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
>> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
>> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
>> +If the command name starts with a hyphen,
>> +.BR sh (1)
>> +interprets the command name as an option,
>> +and the behavior is undefined.
>> +(See the
>> +.B \-c
>> +option to
>> +.BR sh (1).)
>> +To work around this problem,
>> +prepend the command with a space as in the following call:
>> +.PP
>> +.RS 4
>> +.EX
>> +    system(" \-unfortunate\-command\-name");
>> +.EE
>> +.RE
>>  .SH SEE ALSO
>>  .BR sh (1),
>>  .BR execve (2),
>>
>
  
Michael Kerrisk (man-pages) Jan. 18, 2021, 3:37 p.m. UTC | #5
On 1/18/21 4:28 PM, Alejandro Colomar (man-pages) wrote:
> Hi Michael,
> 
> Ping!
> 
> And now I noticed a typo in the subject:
> s/hypen/hyphen/

D'oh! I missed that.

In cases like these, where there's already two amendments to the patch,
perhaps better is a new complete patch, rather than a ping :-).

Thanks,

Michael


> On 1/8/21 3:28 PM, Alejandro Colomar (man-pages) wrote:
>>
>>
>> On 1/8/21 3:22 PM, Alejandro Colomar wrote:
>>> man-pages bug: 211029
>>>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
>>>
>>> Complete workaround
>>
>> Maybe a bit more readable:
>> Complete workaround example
>>
>>
>>> (it was too long for the page, but it may be useful here):
>>>
>>> ......
>>>
>>> $ sudo ln -s -T /usr/bin/echo /usr/bin/-echo;
>>> $ cc -o system_hyphen -x c - ;
>>> #include <stdlib.h>
>>>
>>> int
>>> main(void)
>>> {
>>>     system(" -echo Hello world!");
>>>     exit(EXIT_SUCCESS);
>>> }
>>>
>>> $ ./system_hyphen;
>>> Hello world!
>>>
>>> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
>>> Cc: Florian Weimer <fweimer@redhat.com>
>>> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
>>> ---
>>>
>>> D'oh!
>>>
>>>  man3/system.3 | 20 ++++++++++++++++++++
>>>  1 file changed, 20 insertions(+)
>>>
>>> diff --git a/man3/system.3 b/man3/system.3
>>> index 753d46f7d..ead35ab30 100644
>>> --- a/man3/system.3
>>> +++ b/man3/system.3
>>> @@ -255,6 +255,26 @@ are not executed.
>>>  Such risks are especially grave when using
>>>  .BR system ()
>>>  from a privileged program.
>>> +.SH BUGS
>>> +.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
>>> +.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
>>> +.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
>>> +If the command name starts with a hyphen,
>>> +.BR sh (1)
>>> +interprets the command name as an option,
>>> +and the behavior is undefined.
>>> +(See the
>>> +.B \-c
>>> +option to
>>> +.BR sh (1).)
>>> +To work around this problem,
>>> +prepend the command with a space as in the following call:
>>> +.PP
>>> +.RS 4
>>> +.EX
>>> +    system(" \-unfortunate\-command\-name");
>>> +.EE
>>> +.RE
>>>  .SH SEE ALSO
>>>  .BR sh (1),
>>>  .BR execve (2),
>>>
>>
> 
>
  

Patch

diff --git a/man3/system.3 b/man3/system.3
index 753d46f7d..ead35ab30 100644
--- a/man3/system.3
+++ b/man3/system.3
@@ -255,6 +255,26 @@  are not executed.
 Such risks are especially grave when using
 .BR system ()
 from a privileged program.
+.SH BUGS
+.\" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
+.\" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
+.\" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
+If the command name starts with a hyphen,
+.BR sh (1)
+interprets the command name as an option,
+and the behavior is undefined.
+(See the
+.B \-c
+option to
+.BR sh (1).)
+To work around this problem,
+prepend the command with a space as in the following call:
+.PP
+.RS 4
+.EX
+    system(" \-unfortunate\-command\-name");
+.EE
+.RE
 .SH SEE ALSO
 .BR sh (1),
 .BR execve (2),
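
Review bot: The example line inside `.EX` carries four leading spaces although the block is already wrapped in `.RS 4`, so the `system()` call is indented twice when rendered; drop the leading spaces or the `.RS`/`.RE` pair. The three commented bug references at the top of the new section use Markdown link syntax inside roff comments, where plain URLs with a short label would be easier to read in the source.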