You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of now, Exec requires the absolute path to the executable and ignores PATH. This is inconvenient when calling system executables.
This behavior is dictated by execve, which is currently used. The solution is to use execvpe instead. But it contains a potential vulnerability.
The execlp(), execvp(), and execvpe() functions duplicate the actions of the shell in searching for an executable file if the specified filename does not contain a slash (/) character. The file is sought in the colon-separated list of directory pathnames specified in the PATH environment variable. If this variable isn't defined, the path list defaults to the current directory followed by the list of directories returned by confstr(_CS_PATH). (This confstr(3) call typically returns the value "/bin:/usr/bin".)
If PATH is not defined (which is quite an exotic situation), then execvpe looks in the current directory.
The following logic is suggested:
if (!path.contains('/') && !env.contains("PATH")) {
throw ...
}
execvpe
Internal issue: TAXICOMMON-8853
The text was updated successfully, but these errors were encountered:
As of now,
Exec
requires the absolute path to the executable and ignoresPATH
. This is inconvenient when calling system executables.This behavior is dictated by
execve
, which is currently used. The solution is to useexecvpe
instead. But it contains a potential vulnerability.If
PATH
is not defined (which is quite an exotic situation), thenexecvpe
looks in the current directory.The following logic is suggested:
Internal issue: TAXICOMMON-8853
The text was updated successfully, but these errors were encountered: