mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-06-26 14:28:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

vista: backport execve escaping and using cocmd as shell for system, etc. (#660)

Browse source 
* Introduce testlib_extract() helper

* Have execve() escape double quotes in cmd.exe's preferred style

This makes it possible for us to use system() and popen() with paths
that redirect to filenames that contain spaces, e.g.

    system("echo.com hello >\"hello there.txt\"")

It's difficult to solve this problem, because WIN32 only allows passing
one single argument when launching programs and each program is allowed
to tokenize that however it wants. Most software follows the convention
of cmd.exe which is poorly documented and positively byzantine.

In the future we're going to solve this by not using cmd.exe at all and
instead embedding the cocmd.com interpreter into the system() function.
In the meantime, our documentation has been updated to help recalibrate
any expectation the user might hold regarding the security of using the
Windows command interpreter.

Fixes #644

* Introduce double quote support in cocmd.com shell

* Add some tests for execve()

* Embed cocmd.com interpreter for system() / open()

This change lets you use system() in an easier and portable way. The
problem with the call in the past has always been that bourne and
cmd.com on Windows have less than nothing in common, so pretty much the
only command system() could be used for across platforms was maybe echo.
cmd.exe is also a security liability due to its escaping rules.

Since cocmd.com implements 85% of what we need from bourne, in a really
tiny way, it makes perfect sense to be embedded in these functionss. We
get a huge performance boost too.

Fixes #644

* Support whitespace after cocmd output redirection

Co-authored-by: Justine Tunney <jtunney@gmail.com>
This commit is contained in:
Gavin Hayes 2022-10-12 00:17:50 -04:00 committed by GitHub
parent f4ff1729d1
commit 9c5a7795ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 622 additions and 401 deletions
Download patch file Download diff file Expand all files Collapse all files

10
libc/stdio/popen.c
View file

@ -29,6 +29,16 @@
/**
* Spawns subprocess and returns pipe stream.
*
* This embeds the cocmd.com shell interpreter which supports a limited
* subset of the bourne shell that's significantly faster:
*
* - pipelines
* - single quotes
* - double quotes
* - input redirection, e.g. `<path`
* - output redirection, e.g. `>path`, `>>append`, `2>err.txt, `2>&1`
*
* @see pclose()
*/
FILE *popen(const char *cmdline, const char *mode) {