/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/* Copyright (c) 1988 AT&T */
/* All Rights Reserved */


#include "synonyms.h"
#include "mtlib.h"
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdlib.h>
#include <wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <memory.h>
#include <pthread.h>
#include <errno.h>
#include <synch.h>
#include <spawn.h>
#include "libc.h"

extern const char **environ;

extern int __xpg4; /* defined in _xpg4.c; 0 if not xpg4-compiled program */

/*
 * State shared by every thread currently inside system().
 * sys_lock guards the counter and the three saved signal actions.
 */
static mutex_t sys_lock = DEFAULTMUTEX;
static uint_t sys_count = 0;		/* number of threads in system() */
static struct sigaction sys_ibuf;	/* saved SIGINT action */
static struct sigaction sys_qbuf;	/* saved SIGQUIT action */
static struct sigaction sys_cbuf;	/* saved SIGCHLD action */

/*
 * Leave system(): drop this thread from the count and, when it was the
 * last one, put back the signal actions saved on entry.  Used both as
 * the pthread cancellation cleanup handler and on the normal return path.
 *
 * arg points to the signal mask that was in effect before system()
 * blocked SIGCHLD; it is reinstated after the lock has been released.
 */
static void
cleanup(void *arg)
{
	sigset_t *saved_mask = arg;

	lmutex_lock(&sys_lock);
	sys_count--;
	if (sys_count == 0) {
		/* Last thread out: undo what the first thread in changed. */
		(void) sigaction(SIGINT, &sys_ibuf, NULL);
		(void) sigaction(SIGQUIT, &sys_qbuf, NULL);
		/*
		 * SIGCHLD was only altered on entry when it was being
		 * ignored or had SA_NOCLDWAIT set, so only then restore it.
		 */
		if ((sys_cbuf.sa_flags & SA_NOCLDWAIT) ||
		    sys_cbuf.sa_handler == SIG_IGN)
			(void) sigaction(SIGCHLD, &sys_cbuf, NULL);
	}
	lmutex_unlock(&sys_lock);
	(void) sigprocmask(SIG_SETMASK, saved_mask, NULL);
}

/*
 * Answer the system(NULL) query: report whether the shell at shpath
 * exists and carries the execute bit that applies to the caller.
 * The bit is chosen by comparing the real uid, then the real gid,
 * against the file's owner and group; otherwise the "others" bit is used.
 *
 * Returns 1 when the selected execute bit is set, 0 when it is clear
 * or when stat64() fails.
 */
static int
shell_available(const char *shpath)
{
	struct stat64 sb;
	mode_t xbit;

	if (stat64(shpath, &sb) != 0)
		return (0);

	if (getuid() == sb.st_uid)
		xbit = S_IXUSR;		/* exec for user */
	else if (getgid() == sb.st_gid)
		xbit = S_IXGRP;		/* exec for group */
	else
		xbit = S_IXOTH;		/* exec for others */

	return ((sb.st_mode & xbit) != 0);
}

/*
 * Run cmd through the shell and wait for it to finish.
 *
 * The shell is always named by an absolute path (/usr/xpg4/bin/sh for
 * xpg4 programs, /bin/sh otherwise) and is started with posix_spawn(),
 * so PATH plays no part in locating it.  cmd is passed unmodified as
 * the argument of "sh -c" and the child receives the caller's environ
 * as-is, so the string and the inherited environment together decide
 * what the shell executes; callers that assemble cmd from external
 * input get full shell interpretation of that input.
 *
 * With cmd == NULL nothing is run; the return value says whether a
 * usable shell is present (1) or not (0).
 *
 * Otherwise returns the status reported by waitpid_cancel() for the
 * shell, or -1 when the spawn attributes cannot be prepared, the spawn
 * fails (errno is set from the posix_spawn*() error value), or the
 * wait fails.
 */
int
system(const char *cmd)
{
	static const char *sun_path = "/bin/sh";
	static const char *xpg4_path = "/usr/xpg4/bin/sh";
	static const char *shell = "sh";
	const char *shpath;
	posix_spawnattr_t attr;
	struct sigaction act;
	sigset_t chld_set;
	sigset_t dfl_set;
	sigset_t oldmask;
	char *shargv[4];
	pid_t child;
	pid_t waited;
	int first;
	int status;
	int err;

	if (__xpg4)
		shpath = xpg4_path;
	else
		shpath = sun_path;

	if (cmd == NULL)
		return (shell_available(shpath));

	/*
	 * Set up the posix_spawn() attributes.  Nothing process-wide has
	 * been touched yet, so a failure here can return directly.
	 */
	err = posix_spawnattr_init(&attr);
	if (err != 0) {
		errno = err;
		return (-1);
	}
	err = posix_spawnattr_setflags(&attr,
	    POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSIGDEF);

	/*
	 * SIGCHLD must be blocked so that the process's own handler,
	 * if any, is not invoked for the shell we spawn.
	 * In a multithreaded process this is not fully effective,
	 * because another thread may still receive the SIGCHLD.
	 */
	(void) sigemptyset(&chld_set);
	(void) sigaddset(&chld_set, SIGCHLD);
	(void) sigprocmask(SIG_BLOCK, &chld_set, &oldmask);

	/* The child gets the mask the caller had before the block above. */
	if (err == 0)
		err = posix_spawnattr_setsigmask(&attr, &oldmask);

	/*
	 * SIGINT and SIGQUIT must be ignored for the duration of the
	 * system() operation.
	 *
	 * Several threads may be in system() at once; a count of them is
	 * kept.  The first thread in sets the actions to SIG_IGN and the
	 * last thread out restores them in cleanup().
	 *
	 * system() nevertheless remains MT-unsafe: sigaction() acts on the
	 * whole process, and some other thread may be setting the actions
	 * for SIGINT or SIGQUIT at the same time.
	 */
	lmutex_lock(&sys_lock);
	first = (sys_count == 0);
	sys_count++;
	if (first) {
		(void) memset(&act, 0, sizeof (act));
		act.sa_handler = SIG_IGN;
		(void) sigaction(SIGINT, &act, &sys_ibuf);
		(void) sigaction(SIGQUIT, &act, &sys_qbuf);
		/*
		 * When SIGCHLD is being ignored (SIG_IGN or SA_NOCLDWAIT),
		 * switch it to SIG_DFL so the status of the spawned shell
		 * can be collected.  The execve() done by posix_spawn()
		 * sets SIGCHLD to SIG_DFL in the child regardless, so the
		 * child is not adversely affected.
		 *
		 * SUSv3 does not require this.  The standard permits:
		 *	ECHILD	The status of the child process created
		 *		by system() is no longer available.
		 * Leaving SIGCHLD alone would therefore still conform,
		 * but the SunOS system() has always behaved this way
		 * (it used to set the action to SIG_DFL unconditionally),
		 * so the behavior is retained.
		 */
		(void) sigaction(SIGCHLD, NULL, &sys_cbuf);
		if ((sys_cbuf.sa_flags & SA_NOCLDWAIT) ||
		    sys_cbuf.sa_handler == SIG_IGN) {
			act.sa_handler = SIG_DFL;
			(void) sigaction(SIGCHLD, &act, NULL);
		}
	}
	lmutex_unlock(&sys_lock);

	/*
	 * SIGINT and SIGQUIT become SIG_DFL in the child unless the
	 * caller already had them ignored, in which case they stay
	 * SIG_IGN in the child.
	 */
	(void) sigemptyset(&dfl_set);
	if (sys_ibuf.sa_handler != SIG_IGN)
		(void) sigaddset(&dfl_set, SIGINT);
	if (sys_qbuf.sa_handler != SIG_IGN)
		(void) sigaddset(&dfl_set, SIGQUIT);
	if (err == 0)
		err = posix_spawnattr_setsigdefault(&attr, &dfl_set);

	/* sh -c cmd */
	shargv[0] = (char *)shell;
	shargv[1] = "-c";
	shargv[2] = (char *)cmd;
	shargv[3] = NULL;
	if (err == 0)
		err = posix_spawn(&child, shpath, NULL, &attr,
		    (char *const *)shargv, (char *const *)environ);

	(void) posix_spawnattr_destroy(&attr);

	if (err == 0) {
		/*
		 * system() is a cancellation point.
		 * waitpid_cancel() is called rather than _waitpid() so
		 * that the cancellation logic is actually performed.
		 * The cleanup handler undoes the signal changes if this
		 * thread is cancelled while waiting.
		 */
		pthread_cleanup_push(cleanup, &oldmask);
		for (;;) {
			waited = waitpid_cancel(child, &status, 0);
			/* Retry only when the wait was interrupted. */
			if (waited != -1 || errno != EINTR)
				break;
		}
		pthread_cleanup_pop(0);
		if (waited == -1)
			status = -1;
	} else {
		errno = err;
		status = -1;
	}
	cleanup(&oldmask);

	return (status);
}