[pacman-dev] [PATCH 2/2] [WIP] run XferCommand via exec
Morten Linderud
foxboron at archlinux.org
Thu Oct 17 15:04:50 UTC 2019
On Thu, Oct 17, 2019 at 05:01:46PM +0200, Morten Linderud wrote:
> On Sun, Jun 09, 2019 at 10:13:55AM -0700, Andrew Gregory wrote:
> > ---
> >
> > systemvp should pretty much be a drop-in replacement for system with
> > the exception that it takes an argv array and uses exec. If anybody
> > wants to play with it to stress test it a little, I have
> > a self-contained copy and test program at:
> > https://github.com/andrewgregory/snippets/blob/systemv/c/systemv.c
> >
> > TODO:
> > * update docs
> > * fix debug logging
> > * should the command be run with PATH lookup (execv vs execvp)?
> > * Is the use of mmap with MAP_ANONYMOUS okay? MAP_ANONYMOUS is
> > not POSIX but "most systems also support MAP_ANONYMOUS (or its
> > synonym MAP_ANON)" (mmap(2)).
> > * should we reset signals prior to exec'ing like we do with
> > hooks/scripts?
>
> This issue was assigned CVE-2019-18182.
>
> https://security.archlinux.org/CVE-2019-18182
>
> I'm fixing the AVG whenever pacman 5.2 is released if Xfer isn't included.
>
Uh. I might not have paid attention. Eli mentioned on -security Xfer might not
be included in the upcoming release, but then anthraxx pointed out it's in
master :o What's the status?
--
Morten Linderud
PGP: 9C02FF419FECBE16
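
Added example, not part of the original message and not pacman's or the linked snippet's code: a minimal sketch of the system() versus argv-plus-exec difference the quoted patch notes describe. run_argv, exit_code, via_system, via_argv and the sample string are hypothetical names and constructed input; the sketch uses execvp (PATH lookup), one of the two options the TODO list leaves open.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not pacman's systemvp): run argv[0] with PATH lookup
 * and no shell. Returns a wait status like system(), or -1 on error. */
int run_argv(char *const argv[])
{
	int status;
	pid_t pid = fork();
	if (pid == -1)
		return -1;
	if (pid == 0) {
		execvp(argv[0], argv);
		_exit(127); /* exec failed; same convention the shell uses */
	}
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return -1;
	}
	return status;
}

/* Exit code of a wait status, or -1 if the child did not exit normally. */
int exit_code(int status)
{
	return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Constructed input: a string that contains shell metacharacters. */
static const char *const SAMPLE = "http://mirror.invalid/x.db; exit 7";

/* system(): /bin/sh parses the line, so the text after ';' runs as a command. */
int via_system(void)
{
	return exit_code(system("test -n http://mirror.invalid/x.db; exit 7"));
}

/* argv + exec: SAMPLE reaches test(1) as one literal argument, unparsed. */
int via_argv(void)
{
	char *const argv[] = { "test", "-n", (char *)SAMPLE, NULL };
	return exit_code(run_argv(argv));
}
```
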