On Sun, Jun 09, 2019 at 10:13:55AM -0700, Andrew Gregory wrote:
---
systemvp should pretty much be a drop-in replacement for system with the exception that it takes an argv array and uses exec. If anybody wants to play with it to stress test it a little, I have a self-contained copy and test program at: https://github.com/andrewgregory/snippets/blob/systemv/c/systemv.c
TODO: * update docs * fix debug logging * should the command be run with PATH lookup (execv vs execvp)? * Is the use of mmap with MAP_ANONYMOUS okay? MAP_ANONYMOUS is not POSIX but "most systems also support MAP_ANONYMOUS (or its synonym MAP_ANON)" (mmap(2)). * should we reset signals prior to exec'ing like we do with hooks/scripts?
This issue was assigned CVE-2019-18182. https://security.archlinux.org/CVE-2019-18182 I'm fixing the AVG whenever pacman 5.2 is released if Xfer isn't included. -- Morten Linderud PGP: 9C02FF419FECBE16