From owner-freebsd-bugs  Thu Jan 31  3:30:15 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9884E37B402
	for <freebsd-bugs@hub.freebsd.org>; Thu, 31 Jan 2002 03:30:02 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0VBU2A91169;
	Thu, 31 Jan 2002 03:30:02 -0800 (PST)
	(envelope-from gnats)
Received: from memphis.mephi.ru (memphis.mephi.ru [194.67.67.234])
	by hub.freebsd.org (Postfix) with ESMTP id 04BAB37B402
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 31 Jan 2002 03:26:29 -0800 (PST)
Received: (from timon@localhost)
	by memphis.mephi.ru (8.11.6/8.11.3) id g0VBQNp55541;
	Thu, 31 Jan 2002 14:26:23 +0300 (MSK)
	(envelope-from timon)
Message-Id: <200201311126.g0VBQNp55541@memphis.mephi.ru>
Date: Thu, 31 Jan 2002 14:26:23 +0300 (MSK)
From: "Artem 'Zazoobr' Ignatjev" <timon@memphis.mephi.ru>
Reply-To: "Artem 'Zazoobr' Ignatjev" <timon@memphis.mephi.ru>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/34483: wrong execv() call in amd for ${mount} and ${unmount} if mount type:=program in amd.map 
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         34483
>Category:       bin
>Synopsis:       wrong execv() call in amd for ${mount} and ${unmount} if mount type:=program in amd.map
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 31 03:30:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Artem 'Zazoobr' Ignatjev
>Release:        FreeBSD 4.4-RELEASE i386
>Organization:
Moscow Engineering-Physical Institute (MEPhI)
>Environment:
System: FreeBSD memphis.mephi.ru 4.4-RELEASE FreeBSD 4.4-RELEASE #3: Sun Nov 18 00:46:03 MSK 2001 root@:/usr/src/sys/compile/LOCAL i386

>Description:
	amd(4) is a daemon which automatically mounts filesystems whenever a file or directory 
within that filesystem is accessed.
	The 'program' filesystem type (type:=program) allows a program to be run whenever a
mount or unmount of filesystem is requested.
	However, the following code from contrib/amd/amd/amfs_program.c (from /usr/src/ hierarchy)
makes that somewhat tricky:

$Id: amfs_program.c,v 1.5 1999/09/30 21:01:30 ezk Exp $

(line 116) static int
amfs_program_exec(char *info)
{
  char **xivec;
  int error;

  /*
   * Split copy of command info string
   */
  info = strdup(info);
  if (info == 0)
    return ENOBUFS;
  xivec = strsplit(info, ' ', '\'');
  /*
   * Put stdout to stderr
   */
/* ... skip ... */
(line 156) if (xivec[0] == 0 || xivec[1] == 0) {
    errno = EINVAL;
    plog(XLOG_USER, "1st/2nd args missing to (un)mount program");
  } else {
    (void) execv(xivec[0], xivec + 1);
  }

Notice the line in `else' clause: it calls program xivec[0],  giving it 
arguments (INCLUDING argv[0] which supposed to be program name) since xivec[1], of course, 
this don't works, and called program `looses' its first argument. 

Also, no docs from contrib/amd/doc, written in tex/texi are neither formatted nor installed 
in /usr/share ierarchy ( I was unsuccessful trying to find formatted docs, at least)

>How-To-Repeat:
To check that, try adding this line to your amd.map:

test	type:=program;mount:="/usr/bin/logger request to mount ${path}";unmount:="/usr/bin/logger trying to unmount ${path}"

then reload map using killall (as root) 
killall -1 amd

 and then try to chdir to the 'test' directory in toplevel directory for amd (/mnt in my case)
cd /mnt/test

This will cause amd(8) to try mount the "test" directory by calling the ${mount} program, which
is supposed to be `/usr/bin/logger request to mount /mnt/test', where "/mnt/test" is the value of
${path} variable, but will fail, since execv(2) will look as follows:
execv("/usr/bin/logger", {"request", "to", "mount", "/mnt/test"})
and program is expected to be run by
execv("/usr/bin/logger", {"/usr/bin/logger", "request", "to", "mount", "/mnt/test"})
>Fix:

--- contrib/amd/amd/amfs_program.c.orig	
+++ contrib/amd/amd/amfs_program.c	
@@ -155,11 +155,11 @@
 
   if (xivec[0] == 0 || xivec[1] == 0) {
     errno = EINVAL;
     plog(XLOG_USER, "1st/2nd args missing to (un)mount program");
   } else {
-    (void) execv(xivec[0], xivec + 1);
+    (void) execv(xivec[0], xivec);
   }
 
   /*
    * Save error number
    */
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message