Date: Thu, 31 Jan 2002 14:26:23 +0300 (MSK)
From: "Artem 'Zazoobr' Ignatjev" <timon@memphis.mephi.ru>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/34483: wrong execv() call in amd for ${mount} and ${unmount} if mount type:=program in amd.map
Message-ID: <200201311126.g0VBQNp55541@memphis.mephi.ru>
next in thread | raw e-mail | index | archive | help
>Number: 34483
>Category: bin
>Synopsis: wrong execv() call in amd for ${mount} and ${unmount} if mount type:=program in amd.map
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 31 03:30:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Artem 'Zazoobr' Ignatjev
>Release: FreeBSD 4.4-RELEASE i386
>Organization:
Moscow Engineering-Physical Institute (MEPhI)
>Environment:
System: FreeBSD memphis.mephi.ru 4.4-RELEASE FreeBSD 4.4-RELEASE #3: Sun Nov 18 00:46:03 MSK 2001 root@:/usr/src/sys/compile/LOCAL i386
>Description:
amd(4) is a daemon which automatically mounts filesystems whenever a file or directory
within that filesystem is accessed.
The 'program' filesystem type (type:=program) allows a program to be run whenever a
mount or unmount of filesystem is requested.
However, the following code from contrib/amd/amd/amfs_program.c (from /usr/src/ hierarchy)
makes that somewhat tricky:
$Id: amfs_program.c,v 1.5 1999/09/30 21:01:30 ezk Exp $
(line 116) static int
amfs_program_exec(char *info)
{
char **xivec;
int error;
/*
* Split copy of command info string
*/
info = strdup(info);
if (info == 0)
return ENOBUFS;
xivec = strsplit(info, ' ', '\'');
/*
* Put stdout to stderr
*/
/* ... skip ... */
(line 156) if (xivec[0] == 0 || xivec[1] == 0) {
errno = EINVAL;
plog(XLOG_USER, "1st/2nd args missing to (un)mount program");
} else {
(void) execv(xivec[0], xivec + 1);
}
Notice the line in `else' clause: it calls program xivec[0], giving it
arguments (INCLUDING argv[0] which supposed to be program name) since xivec[1], of course,
this don't works, and called program `looses' its first argument.
Also, no docs from contrib/amd/doc, written in tex/texi are neither formatted nor installed
in /usr/share ierarchy ( I was unsuccessful trying to find formatted docs, at least)
>How-To-Repeat:
To check that, try adding this line to your amd.map:
test type:=program;mount:="/usr/bin/logger request to mount ${path}";unmount:="/usr/bin/logger trying to unmount ${path}"
then reload map using killall (as root)
killall -1 amd
and then try to chdir to the 'test' directory in toplevel directory for amd (/mnt in my case)
cd /mnt/test
This will cause amd(8) to try mount the "test" directory by calling the ${mount} program, which
is supposed to be `/usr/bin/logger request to mount /mnt/test', where "/mnt/test" is the value of
${path} variable, but will fail, since execv(2) will look as follows:
execv("/usr/bin/logger", {"request", "to", "mount", "/mnt/test"})
and program is expected to be run by
execv("/usr/bin/logger", {"/usr/bin/logger", "request", "to", "mount", "/mnt/test"})
>Fix:
--- contrib/amd/amd/amfs_program.c.orig
+++ contrib/amd/amd/amfs_program.c
@@ -155,11 +155,11 @@
if (xivec[0] == 0 || xivec[1] == 0) {
errno = EINVAL;
plog(XLOG_USER, "1st/2nd args missing to (un)mount program");
} else {
- (void) execv(xivec[0], xivec + 1);
+ (void) execv(xivec[0], xivec);
}
/*
* Save error number
*/
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201311126.g0VBQNp55541>