Skip to content

refactor: use execvp directly instead of process::Command #9013

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

refactor: use execvp directly instead of process::Command #9013

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f10599d
refactor: use execvp directly instead of process::Command
mattsu2020 Oct 25, 2025
09d7390
refactor(chroot): replace manual execvp with ProcessCommand for safer…
mattsu2020 Oct 25, 2025
9dabf96
test(chroot): add tests for error handling and UID/GID retention
mattsu2020 Oct 27, 2025
6524f50
chore: add 'noexec' to cspell jargon wordlist for spell checking
mattsu2020 Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .vscode/cspell.dictionaries/jargon.wordlist.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ nocache
nocreat
noctty
noerror
noexec
nofollow
nolinks
nonblock
Expand Down
36 changes: 12 additions & 24 deletions src/uu/chroot/src/chroot.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,13 @@ mod error;
use crate::error::ChrootError;
use clap::{Arg, ArgAction, Command};
use std::ffi::CString;
use std::io::Error;
use std::io::{Error, ErrorKind};
use std::os::unix::prelude::OsStrExt;
use std::os::unix::process::CommandExt;
use std::path::{Path, PathBuf};
use std::process;
use std::process::Command as ProcessCommand;
use uucore::entries::{Locate, Passwd, grp2gid, usr2uid};
use uucore::error::{UResult, UUsageError, set_exit_code};
use uucore::error::{UResult, UUsageError};
use uucore::fs::{MissingHandling, ResolveMode, canonicalize};
use uucore::libc::{self, chroot, setgid, setgroups, setuid};
use uucore::{format_usage, show};
Expand Down Expand Up @@ -205,33 +206,20 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {

assert!(!command.is_empty());
let chroot_command = command[0];
let chroot_args = &command[1..];

// NOTE: Tests can only trigger code beyond this point if they're invoked with root permissions
set_context(&options)?;

let pstatus = match process::Command::new(chroot_command)
.args(chroot_args)
.status()
{
Ok(status) => status,
Err(e) => {
return Err(if e.kind() == std::io::ErrorKind::NotFound {
ChrootError::CommandNotFound(command[0].to_string(), e)
} else {
ChrootError::CommandFailed(command[0].to_string(), e)
}
.into());
}
};
let err = ProcessCommand::new(chroot_command)
.args(&command[1..])
.exec();

let code = if pstatus.success() {
0
Err(if err.kind() == ErrorKind::NotFound {
ChrootError::CommandNotFound(chroot_command.to_owned(), err)
} else {
pstatus.code().unwrap_or(-1)
};
set_exit_code(code);
Ok(())
ChrootError::CommandFailed(chroot_command.to_owned(), err)
}
.into())
}

pub fn uu_app() -> Command {
Expand Down
68 changes: 68 additions & 0 deletions tests/by-util/test_chroot.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,53 @@ fn test_default_shell() {
}
}

#[test]
fn test_chroot_command_not_found_error() {
let ts = TestScenario::new(util_name!());
let at = &ts.fixtures;

let dir = "CHROOT_DIR";
at.mkdir(dir);

let missing = "definitely_missing_command";

if let Ok(result) = run_ucmd_as_root(&ts, &[dir, missing]) {
result
.failure()
.code_is(127)
.stderr_contains(format!("failed to run command '{missing}'"))
.stderr_contains("No such file or directory");
} else {
print!("Test skipped; requires root user");
}
}

#[test]
fn test_chroot_command_permission_denied_error() {
let ts = TestScenario::new(util_name!());
let at = &ts.fixtures;

let dir = "CHROOT_DIR";
at.mkdir(dir);

let script_path = format!("{dir}/noexec.sh");
at.write(&script_path, "#!/bin/sh\necho unreachable\n");
#[cfg(not(windows))]
{
at.set_mode(&script_path, 0o644);
}

if let Ok(result) = run_ucmd_as_root(&ts, &[dir, "/noexec.sh"]) {
result
.failure()
.code_is(126)
.stderr_contains("failed to run command '/noexec.sh'")
.stderr_contains("Permission denied");
} else {
print!("Test skipped; requires root user");
}
}

#[test]
fn test_chroot() {
let ts = TestScenario::new(util_name!());
Expand All @@ -208,6 +255,27 @@ fn test_chroot() {
}
}

#[test]
fn test_chroot_retains_uid_gid() {
let ts = TestScenario::new(util_name!());
let at = &ts.fixtures;

let dir = "CHROOT_DIR";
at.mkdir(dir);

if let Ok(result) = run_ucmd_as_root(&ts, &[dir, "id", "-u"]) {
result.success().no_stderr().stdout_is("0");
} else {
print!("Test skipped; requires root user");
}

if let Ok(result) = run_ucmd_as_root(&ts, &[dir, "id", "-g"]) {
result.success().no_stderr().stdout_is("0");
} else {
print!("Test skipped; requires root user");
}
}

#[test]
fn test_chroot_skip_chdir_not_root() {
let (at, mut ucmd) = at_and_ucmd!();
Expand Down
Loading