1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /* Copyright (c) 1988 AT&T */
28 /* All Rights Reserved */
29
30 #include "lint.h"
31 #include "mtlib.h"
32 #include <sys/types.h>
33 #include <sys/wait.h>
34 #include <signal.h>
35 #include <stdlib.h>
36 #include <wait.h>
37 #include <sys/stat.h>
38 #include <unistd.h>
39 #include <memory.h>
40 #include <thread.h>
41 #include <pthread.h>
42 #include <errno.h>
43 #include <synch.h>
44 #include <spawn.h>
45 #include <paths.h>
46 #include "libc.h"
47
48 extern const char **_environ;
49
50 extern int __xpg4; /* defined in _xpg4.c; 0 if not xpg4-compiled program */
51 extern const sigset_t maskset; /* all maskable signals */
52
53 static mutex_t sys_lock = DEFAULTMUTEX; /* protects the following */
54 static uint_t sys_count = 0; /* number of threads in system() */
55 static struct sigaction sys_ibuf; /* saved SIGINT sigaction */
56 static struct sigaction sys_qbuf; /* saved SIGQUIT sigaction */
57 static struct sigaction ignore = {0, {SIG_IGN}, {0}};
58
59 /*
60 * Things needed by the cancellation cleanup handler.
61 */
62 typedef struct {
63 sigset_t savemask; /* saved signal mask */
64 pid_t pid; /* if nonzero, the child's pid */
65 } cleanup_t;
66
67 /*
68 * Daemon thread whose sole function is to reap an abandoned child.
69 * Also invoked from pclose() (see port/stdio/popen.c).
70 */
71 void *
72 reapchild(void *arg)
73 {
74 pid_t pid = (pid_t)(uintptr_t)arg;
75 int cancel_state;
76
77 (void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cancel_state);
78 while (waitpid(pid, NULL, 0) == -1) {
79 if (errno != EINTR)
80 break;
81 }
82 (void) pthread_setcancelstate(cancel_state, NULL);
83 return (NULL);
84 }
85
86 /*
87 * Cancellation cleanup handler.
88 * If we were cancelled in waitpid(), create a daemon thread to
89 * reap our abandoned child. No other thread can do this for us.
90 * It would be better if there were a system call to disinherit
91 * a child process (give it to init, just as though we exited).
92 */
93 static void
94 cleanup(void *arg)
95 {
96 cleanup_t *cup = arg;
97
98 if (cup->pid != 0) { /* we were cancelled; abandoning our pid */
99 (void) thr_sigsetmask(SIG_SETMASK, &maskset, NULL);
100 (void) thr_create(NULL, 0,
101 reapchild, (void *)(uintptr_t)cup->pid,
102 THR_DAEMON, NULL);
103 }
104
105 lmutex_lock(&sys_lock);
106 if (--sys_count == 0) { /* leaving system() */
107 /*
108 * There are no remaining threads in system(), so
109 * restore the SIGINT and SIGQUIT signal actions.
110 */
111 (void) sigaction(SIGINT, &sys_ibuf, NULL);
112 (void) sigaction(SIGQUIT, &sys_qbuf, NULL);
113 }
114 lmutex_unlock(&sys_lock);
115
116 (void) thr_sigsetmask(SIG_SETMASK, &cup->savemask, NULL);
117 }
118
119 int
120 system(const char *cmd)
121 {
122 cleanup_t cu;
123 pid_t w;
124 int status;
125 int error;
126 sigset_t mask;
127 struct stat64 buf;
128 const char *shpath = _PATH_BSHELL;
129 char *argv[4];
130 posix_spawnattr_t attr;
131 static const char *shell = "sh";
132
133 if (cmd == NULL) {
134 if (stat64(shpath, &buf) != 0) {
135 return (0);
136 } else if (getuid() == buf.st_uid) {
137 /* exec for user */
138 if ((buf.st_mode & 0100) == 0)
139 return (0);
140 } else if (getgid() == buf.st_gid) {
141 /* exec for group */
142 if ((buf.st_mode & 0010) == 0)
143 return (0);
144 } else if ((buf.st_mode & 0001) == 0) { /* exec for others */
145 return (0);
146 }
147 return (1);
148 }
149
150 /*
151 * Initialize the posix_spawn() attributes structure.
152 *
153 * The setting of POSIX_SPAWN_WAITPID_NP ensures that no
154 * wait-for-multiple wait() operation will reap our child
155 * and that the child will not be automatically reaped due
156 * to the disposition of SIGCHLD being set to be ignored.
157 * Only a specific wait for the specific pid will be able
158 * to reap the child. Since no other thread knows the pid
159 * of our child, this should be safe enough.
160 *
161 * The POSIX_SPAWN_NOEXECERR_NP flag tells posix_spawn() not
162 * to fail if the shell cannot be executed, but rather cause
163 * a child to be created that simply performs _exit(127).
164 * This is in order to satisfy the Posix requirement on system():
165 * The system function shall behave as if a child process were
166 * created using fork(), and the child process invoked the sh
167 * utility using execl(). If some error prevents the command
168 * language interpreter from executing after the child process
169 * is created, the return value from system() shall be as if
170 * the command language interpreter had terminated using
171 * exit(127) or _exit(127).
172 */
173 error = posix_spawnattr_init(&attr);
174 if (error == 0)
175 error = posix_spawnattr_setflags(&attr,
176 POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSIGDEF |
177 POSIX_SPAWN_NOSIGCHLD_NP | POSIX_SPAWN_WAITPID_NP |
178 POSIX_SPAWN_NOEXECERR_NP);
179
180 /*
181 * The POSIX spec for system() requires us to block SIGCHLD,
182 * the rationale being that the process's signal handler for
183 * SIGCHLD, if any, should not be called when our child exits.
184 * This doesn't work for a multithreaded process because some
185 * other thread could receive the SIGCHLD.
186 *
187 * The above setting of POSIX_SPAWN_NOSIGCHLD_NP ensures that no
188 * SIGCHLD signal will be posted for our child when it exits, so
189 * we don't have to block SIGCHLD to meet the intent of the spec.
190 * We block SIGCHLD anyway, just because the spec requires it.
191 */
192 (void) sigemptyset(&mask);
193 (void) sigaddset(&mask, SIGCHLD);
194 (void) thr_sigsetmask(SIG_BLOCK, &mask, &cu.savemask);
195 /*
196 * Tell posix_spawn() to restore the signal mask in the child.
197 */
198 if (error == 0)
199 error = posix_spawnattr_setsigmask(&attr, &cu.savemask);
200
201 /*
202 * We are required to set the disposition of SIGINT and SIGQUIT
203 * to be ignored for the duration of the system() operation.
204 *
205 * We allow more than one thread to call system() concurrently by
206 * keeping a count of such threads. The signal actions are set
207 * to SIG_IGN when the first thread calls system(). They are
208 * restored in cleanup() when the last thread exits system().
209 *
210 * However, system() is still MT-unsafe because sigaction() has
211 * a process-wide effect and some other thread may also be
212 * setting the signal actions for SIGINT or SIGQUIT.
213 */
214 lmutex_lock(&sys_lock);
215 if (sys_count++ == 0) {
216 (void) sigaction(SIGINT, &ignore, &sys_ibuf);
217 (void) sigaction(SIGQUIT, &ignore, &sys_qbuf);
218 }
219 lmutex_unlock(&sys_lock);
220
221 /*
222 * If SIGINT and SIGQUIT were not already SIG_IGN, tell
223 * posix_spawn() to make them SIG_DFL in the child,
224 * else leave them as SIG_IGN in the child.
225 */
226 (void) sigemptyset(&mask);
227 if (sys_ibuf.sa_handler != SIG_IGN)
228 (void) sigaddset(&mask, SIGINT);
229 if (sys_qbuf.sa_handler != SIG_IGN)
230 (void) sigaddset(&mask, SIGQUIT);
231 if (error == 0)
232 error = posix_spawnattr_setsigdefault(&attr, &mask);
233
234 argv[0] = (char *)shell;
235 argv[1] = "-c";
236 argv[2] = (char *)cmd;
237 argv[3] = NULL;
238 if (error == 0)
239 error = posix_spawn(&cu.pid, shpath, NULL, &attr,
240 (char *const *)argv, (char *const *)_environ);
241
242 (void) posix_spawnattr_destroy(&attr);
243
244 if (error) {
245 errno = error;
246 status = -1;
247 } else {
248 /*
249 * system() is a cancellation point and so is waitpid().
250 */
251 pthread_cleanup_push(cleanup, &cu);
252 do {
253 w = waitpid(cu.pid, &status, 0);
254 } while (w == -1 && errno == EINTR);
255 pthread_cleanup_pop(0);
256 if (w == -1)
257 status = -1;
258 }
259 error = errno;
260 cu.pid = 0;
261 cleanup(&cu);
262 errno = error;
263
264 return (status);
265 }