vista: backport execve escaping and using cocmd as shell for system, etc. (#660)

* Introduce testlib_extract() helper

* Have execve() escape double quotes in cmd.exe's preferred style

This makes it possible for us to use system() and popen() with paths
that redirect to filenames that contain spaces, e.g.

    system("echo.com hello >\"hello there.txt\"")

It's difficult to solve this problem, because WIN32 only allows passing
one single argument when launching programs and each program is allowed
to tokenize that however it wants. Most software follows the convention
of cmd.exe which is poorly documented and positively byzantine.

In the future we're going to solve this by not using cmd.exe at all and
instead embedding the cocmd.com interpreter into the system() function.
In the meantime, our documentation has been updated to help recalibrate
any expectation the user might hold regarding the security of using the
Windows command interpreter.

Fixes #644

* Introduce double quote support in cocmd.com shell

* Add some tests for execve()

* Embed cocmd.com interpreter for system() / open()

This change lets you use system() in an easier and portable way. The
problem with the call in the past has always been that bourne and
cmd.com on Windows have less than nothing in common, so pretty much the
only command system() could be used for across platforms was maybe echo.
cmd.exe is also a security liability due to its escaping rules.

Since cocmd.com implements 85% of what we need from bourne, in a really
tiny way, it makes perfect sense to be embedded in these functions. We
get a huge performance boost too.

Fixes #644

* Support whitespace after cocmd output redirection

Co-authored-by: Justine Tunney <jtunney@gmail.com>
Gavin Hayes 2022-10-12 00:17:50 -04:00 committed by GitHub
parent f4ff1729d1
commit 9c5a7795ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 622 additions and 401 deletions
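The quoting problem the commit message describes (Win32 hands a child one lpCommandLine string, and each child runtime tokenizes it on its own) is illustrated by the following added example. It is not Cosmopolitan's code (its mkntcmdline / GetDosArgv sources are not on this page); the names quote_win32_arg, make_win32_cmdline, parse_win32_cmdline, roundtrip and has_cmd_metachar are assumptions for this example, and the sample argv is constructed. It implements the Microsoft C runtime / CommandLineToArgvW convention from "Parsing C Command-Line Arguments", not cmd.exe's rules, and pairs the quoter with a parser so the round trip can be checked. The has_cmd_metachar check is there because argv quoting does nothing about cmd.exe's own handling of `&`, `|`, `<`, `>`, `^` and `%`, which is the liability the message gives as the reason for embedding cocmd.com into system().

```c
#include <stdio.h>
#include <string.h>

/* Added example (assumed names, not Cosmopolitan's mkntcmdline.c/GetDosArgv):
 * quote argv[] for the MSVCRT / CommandLineToArgvW parser and parse it back.
 * Rules: 2n backslashes + '"' => n backslashes, toggle quote mode;
 *        2n+1 backslashes + '"' => n backslashes + literal '"';
 *        backslashes not before '"' are literal; whitespace splits outside quotes. */

static int put(char *out, size_t cap, size_t *o, char c) {
  if (*o + 1 >= cap) return -1; /* always keep room for the NUL */
  out[(*o)++] = c;
  return 0;
}

static int needs_quotes(const char *arg) {
  if (!*arg) return 1; /* an empty argument only survives as "" */
  for (; *arg; ++arg)
    if (*arg == ' ' || *arg == '\t' || *arg == '\n' || *arg == '"') return 1;
  return 0;
}

/* Quote one argv element; returns bytes written (sans NUL) or -1 on overflow. */
int quote_win32_arg(const char *arg, char *out, size_t cap) {
  size_t o = 0;
  if (!needs_quotes(arg)) {
    for (; *arg; ++arg) if (put(out, cap, &o, *arg)) return -1;
  } else {
    if (put(out, cap, &o, '"')) return -1;
    for (;;) {
      size_t nbs = 0, i;
      while (*arg == '\\') { ++nbs; ++arg; }
      if (!*arg) { /* double trailing backslashes so they don't eat the closing quote */
        for (i = 0; i < 2 * nbs; ++i) if (put(out, cap, &o, '\\')) return -1;
        break;
      }
      if (*arg == '"') { /* 2n+1 backslashes then '"' yields n backslashes + '"' */
        for (i = 0; i < 2 * nbs + 1; ++i) if (put(out, cap, &o, '\\')) return -1;
      } else { /* backslashes not followed by '"' pass through literally */
        for (i = 0; i < nbs; ++i) if (put(out, cap, &o, '\\')) return -1;
      }
      if (put(out, cap, &o, *arg++)) return -1;
    }
    if (put(out, cap, &o, '"')) return -1;
  }
  out[o] = '\0';
  return (int)o;
}

/* Join a NULL-terminated argv[] into the single string CreateProcess takes. */
int make_win32_cmdline(char *const argv[], char *out, size_t cap) {
  size_t o = 0;
  int i, n;
  for (i = 0; argv[i]; ++i) {
    if (i && put(out, cap, &o, ' ')) return -1;
    if ((n = quote_win32_arg(argv[i], out + o, cap - o)) < 0) return -1;
    o += (size_t)n;
  }
  out[o] = '\0';
  return (int)o;
}

/* Split a command line the way MSVCRT startup code does (classic rules, where a
 * '"' inside a quoted run ends it). Returns argc, or -1 on overflow. */
int parse_win32_cmdline(const char *p, char *buf, size_t cap, char **argv, int maxargc) {
  int argc = 0;
  size_t o = 0;
  for (;;) {
    while (*p == ' ' || *p == '\t') ++p;
    if (!*p) break;
    if (argc + 1 >= maxargc) return -1; /* room for the NULL terminator */
    argv[argc++] = buf + o;
    for (int inq = 0;;) {
      size_t nbs = 0, i;
      while (*p == '\\') { ++nbs; ++p; }
      if (*p == '"') {
        for (i = 0; i < nbs / 2; ++i) if (put(buf, cap, &o, '\\')) return -1;
        if (nbs & 1) { if (put(buf, cap, &o, '"')) return -1; } else inq = !inq;
        ++p;
      } else {
        for (i = 0; i < nbs; ++i) if (put(buf, cap, &o, '\\')) return -1;
        if (!*p || (!inq && (*p == ' ' || *p == '\t'))) break;
        if (put(buf, cap, &o, *p++)) return -1;
      }
    }
    if (put(buf, cap, &o, '\0')) return -1;
  }
  argv[argc] = NULL;
  return argc;
}

/* cmd.exe metacharacters that argv quoting does NOT neutralize (conservative set). */
int has_cmd_metachar(const char *s) { return strpbrk(s, "&|<>^%!()") != NULL; }

/* 1 if argv[] survives quote -> parse unchanged, else 0. */
int roundtrip(char *const argv[]) {
  char line[512], buf[512], *back[16];
  int i, n;
  if (make_win32_cmdline(argv, line, sizeof line) < 0) return 0;
  if ((n = parse_win32_cmdline(line, buf, sizeof buf, back, 16)) < 0) return 0;
  for (i = 0; i < n; ++i)
    if (!argv[i] || strcmp(argv[i], back[i])) return 0;
  return argv[i] == NULL;
}

int main(void) {
  /* constructed sample; "hello there.txt" is the case from the commit message */
  char *const argv[] = {"echo.com", "hello", "hello there.txt", "a\"b", "C:\\my dir\\", "", NULL};
  char line[512];
  make_win32_cmdline(argv, line, sizeof line);
  printf("lpCommandLine: %s\n", line);
  printf("round trip: %s\n", roundtrip(argv) ? "ok" : "FAILED");
  printf("cmd.exe-unsafe: %d\n", has_cmd_metachar(">\"hello there.txt\""));
  return 0;
}
```

The quoter only makes "hello there.txt" reach the child as one argv element. In the commit message's `system("echo.com hello >\"hello there.txt\"")` case the `>` must be interpreted by a shell (cmd.exe or the embedded cocmd.com), and argv quoting gives no protection against cmd.exe's own metacharacter handling, which is what has_cmd_metachar flags.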


@ -56,9 +56,9 @@ static bool have_getrandom;
*
* The following flags may be specified:
*
* - GRND_RANDOM: Halt the entire system while I tap an entropy pool
* - `GRND_RANDOM`: Halt the entire system while I tap an entropy pool
* so small that it's hard to use statistics to test if it's random
* - GRND_NONBLOCK: Do not wait for i/o events or me to jiggle my
* - `GRND_NONBLOCK`: Do not wait for i/o events or me to jiggle my
* mouse, and instead return immediately the moment data isn't
* available, even if the result needs to be -1 w/ EAGAIN
*
@ -68,6 +68,8 @@ static bool have_getrandom;
* @note this function could block a nontrivial time on old computers
* @note this function is indeed intended for cryptography
* @note this function takes around 900 cycles
* @raise EINVAL if `f` is invalid
* @raise ENOSYS on bare metal
* @asyncsignalsafe
* @restartable
* @vforksafe
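Review bot: the new `@raise EINVAL if `f` is invalid` line should state what makes it invalid, namely any bit outside `GRND_RANDOM | GRND_NONBLOCK`, since that is exactly what the body checks; suggest `@raise EINVAL if `f` has flags other than GRND_RANDOM and GRND_NONBLOCK`. While the doc block is being touched, the body also silently clamps `n` to 256 (`if (n > 256) n = 256;` in the next hunk), which deserves a `@note` so callers know a short return is expected rather than an error.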
@ -81,8 +83,10 @@ ssize_t getrandom(void *p, size_t n, unsigned f) {
const char *via;
sigset_t neu, old;
if (n > 256) n = 256;
if ((f & ~(GRND_RANDOM | GRND_NONBLOCK))) return einval();
if (IsWindows()) {
if ((f & ~(GRND_RANDOM | GRND_NONBLOCK))) {
rc = einval();
via = "n/a";
} else if (IsWindows()) {
via = "RtlGenRandom";
if (RtlGenRandom(p, n)) {
rc = n;
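Review bot: the rejected-flags case used to `return einval()` straight away; it now sets `rc = einval()` and `via = "n/a"` and falls through to whatever follows the if/else chain (not shown here). That is fine if the tail only logs `via`/`rc` and returns, but check that nothing after the chain assumes `rc >= 0`, for example treating `rc` as a byte count into `p` or restoring a signal mask from `old` that was never set on this path (`neu` and `old` are declared but untouched before the check). Minor: `((f & ~(GRND_RANDOM | GRND_NONBLOCK)))` carries a redundant pair of parentheses.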