diff mbox series

system.3: Document bug and workaround when the command name starts with a hypen

Message ID 20210104180420.74092-1-alx.manpages@gmail.com
State Not applicable
Headers
Series system.3: Document bug and workaround when the command name starts with a hypen |

Commit Message

Alejandro Colomar Jan. 4, 2021, 6:04 p.m. UTC 
  man-pages bug: 211029
 https://bugzilla.kernel.org/show_bug.cgi?id=211029

Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
---
 man3/system.3 | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

Comments

Alejandro Colomar Jan. 4, 2021, 6:32 p.m. UTC | #1 
Hi Michael,

See a few corrections below.

Cheers,

Alex

On 1/4/21 7:04 PM, Alejandro Colomar wrote:
> man-pages bug: 211029
>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
> 
> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
> Cc: Florian Weimer <fweimer@redhat.com>
> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
> ---
>  man3/system.3 | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
> 
> diff --git a/man3/system.3 b/man3/system.3
> index aef40417a..0310d9a04 100644
> --- a/man3/system.3
> +++ b/man3/system.3
> @@ -250,6 +250,40 @@ are not executed.
>  Such risks are especially grave when using
>  .BR system ()
>  from a privileged program.
> +.SH BUGS
> +./" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
> +./" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
> +./" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
> +If the command name starts with a hyphen,
> +.BR sh (1)
> +interprets the command name as an option,
> +and the behavior is undefined
> +(See the
> +.B \-c
> +option in

option to

> +.BR sh (1).).
> +To work around this problem,
> +prepend the command with a space as below:
> +.PP
> +.RS 4
> +.EX
> +/* system_hyphen.c */
> +
> +#include <stdlib.h>
> +
> +int
> +main(void)
> +{
> +    system(" -echo Hello world!");

\-echo

> +    exit(EXIT_SUCCESS);
> +}
> +.PP
> +.RB "$" " sudo ln \-s \-T /usr/bin/echo /usr/bin/\-echo;"
> +.RB "$" " cc \-o system_hyphen system_hyphen.c;"
> +.RB "$" " ./system_hyphen;"
> +Hello world!
> +.EE
> +.RE
>  .SH SEE ALSO
>  .BR sh (1),
>  .BR execve (2),
>
Alejandro Colomar Jan. 4, 2021, 8:02 p.m. UTC | #2 
D'oh

On 1/4/21 7:32 PM, Alejandro Colomar (man-pages) wrote:
> Hi Michael,
> 
> See a few corrections below.
> 
> Cheers,
> 
> Alex
> 
> On 1/4/21 7:04 PM, Alejandro Colomar wrote:
>> man-pages bug: 211029
>>  https://bugzilla.kernel.org/show_bug.cgi?id=211029
>>
>> Reported-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
>> Cc: Florian Weimer <fweimer@redhat.com>
>> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
>> ---
>>  man3/system.3 | 34 ++++++++++++++++++++++++++++++++++
>>  1 file changed, 34 insertions(+)
>>
>> diff --git a/man3/system.3 b/man3/system.3
>> index aef40417a..0310d9a04 100644
>> --- a/man3/system.3
>> +++ b/man3/system.3
>> @@ -250,6 +250,40 @@ are not executed.
>>  Such risks are especially grave when using
>>  .BR system ()
>>  from a privileged program.
>> +.SH BUGS
>> +./" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
>> +./" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
>> +./" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)

s%/%\\%

>> +If the command name starts with a hyphen,
>> +.BR sh (1)
>> +interprets the command name as an option,
>> +and the behavior is undefined
>> +(See the
>> +.B \-c
>> +option in
> 
> option to
> 
>> +.BR sh (1).).
>> +To work around this problem,
>> +prepend the command with a space as below:
>> +.PP
>> +.RS 4
>> +.EX
>> +/* system_hyphen.c */
>> +
>> +#include <stdlib.h>
>> +
>> +int
>> +main(void)
>> +{
>> +    system(" -echo Hello world!");
> 
> \-echo
> 
>> +    exit(EXIT_SUCCESS);
>> +}
>> +.PP
>> +.RB "$" " sudo ln \-s \-T /usr/bin/echo /usr/bin/\-echo;"
>> +.RB "$" " cc \-o system_hyphen system_hyphen.c;"
>> +.RB "$" " ./system_hyphen;"
>> +Hello world!
>> +.EE
>> +.RE
>>  .SH SEE ALSO
>>  .BR sh (1),
>>  .BR execve (2),
>>
>
diff mbox series

Patch

diff --git a/man3/system.3 b/man3/system.3
index aef40417a..0310d9a04 100644
--- a/man3/system.3
+++ b/man3/system.3
@@ -250,6 +250,40 @@  are not executed.
 Such risks are especially grave when using
 .BR system ()
 from a privileged program.
+.SH BUGS
+./" [BUG 211029](https://bugzilla.kernel.org/show_bug.cgi?id=211029)
+./" [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=27143)
+./" [POSIX bug](https://www.austingroupbugs.net/view.php?id=1440)
+If the command name starts with a hyphen,
+.BR sh (1)
+interprets the command name as an option,
+and the behavior is undefined
+(See the
+.B \-c
+option in
+.BR sh (1).).
+To work around this problem,
+prepend the command with a space as below:
+.PP
+.RS 4
+.EX
+/* system_hyphen.c */
+
+#include <stdlib.h>
+
+int
+main(void)
+{
+    system(" -echo Hello world!");
+    exit(EXIT_SUCCESS);
+}
+.PP
+.RB "$" " sudo ln \-s \-T /usr/bin/echo /usr/bin/\-echo;"
+.RB "$" " cc \-o system_hyphen system_hyphen.c;"
+.RB "$" " ./system_hyphen;"
+Hello world!
+.EE
+.RE
 .SH SEE ALSO
 .BR sh (1),
 .BR execve (2),