Skip to content

coreutils: Protect against env -a for security#10773

Merged
Ecordonnier merged 3 commits intouutils:mainfrom
oech3:auxval
Apr 4, 2026
Merged

coreutils: Protect against env -a for security#10773
Ecordonnier merged 3 commits intouutils:mainfrom
oech3:auxval

Conversation

@oech3
Copy link
Copy Markdown
Contributor

@oech3 oech3 commented Feb 6, 2026
edited
Loading

env -a false ls does not fail. Works under masked /proc.
Closes #10135

@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 6, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/tty/tty-eof (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/usage_vs_getopt (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/shuf/shuf-reservoir (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/sort/sort-stale-thread-mem (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/basenc/bounded-memory is now being skipped but was previously passing.

@oech3 oech3 marked this pull request as ready for review February 6, 2026 19:18
@oech3 oech3 force-pushed the auxval branch 3 times, most recently from 01b6655 to 753f86c Compare February 7, 2026 07:47
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 7, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq bot commented Feb 7, 2026
edited
Loading

Merging this PR will not alter performance

✅ 309 untouched benchmarks
⏩ 46 skipped benchmarks1

Comparing oech3:auxval (84e2ec0) with main (7920971)

Open in CodSpeed

Footnotes

  1. 46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@oech3 oech3 force-pushed the auxval branch 2 times, most recently from 59e307c to ac75ff7 Compare February 8, 2026 15:58
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 8, 2026

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/pr/bounded-memory is no longer failing!

@ChrisDryden
Copy link
Copy Markdown
Collaborator

ChrisDryden commented Feb 8, 2026

I think it would make sense for this code to go into the validation.rs file instead of in the main.rs, then you don't have to worry about importing libc.

It would be good to have an additional integration test that shows the env -a working

@oech3

This comment was marked as resolved.

Sign in to view
@oech3

This comment was marked as outdated.

Sign in to view
@oech3

This comment was marked as resolved.

Sign in to view
@oech3 oech3 force-pushed the auxval branch 3 times, most recently from 1337cbc to 40581ee Compare February 8, 2026 21:47
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 8, 2026

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

@oech3 oech3 force-pushed the auxval branch 2 times, most recently from a5dd042 to 526f6fc Compare February 9, 2026 08:32
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 9, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)
Congrats! The gnu test tests/tail/tail-n0f is now passing!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 9, 2026

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 9, 2026

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/pr/bounded-memory. tests/pr/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/tail/tail-n0f is now passing!

@oech3 oech3 mentioned this pull request Feb 9, 2026
Merged
@oech3 oech3 marked this pull request as draft February 9, 2026 16:40
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 11, 2026

GNU testsuite comparison:

GNU test failed: tests/env/env. tests/env/env is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/tail/follow-name (passes in this run but fails in the 'main' branch)

@oech3 oech3 mentioned this pull request Feb 15, 2026
Open
@oech3 oech3 marked this pull request as draft March 12, 2026 09:50
@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Mar 12, 2026
edited
Loading

Is read()ing #! faster than reading /proc/self/exe?

@oech3 oech3 force-pushed the auxval branch 2 times, most recently from a2fec5c to 880c4ba Compare March 12, 2026 14:23
@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Mar 12, 2026

I did too many conversion for file pathes. Please drop them by review...

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 12, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/date/date-locale-hour (fails in this run but passes in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Congrats! The gnu test tests/tail/pipe-f is now passing!

@oech3 oech3 marked this pull request as ready for review March 12, 2026 14:50
@oech3 oech3 force-pushed the auxval branch 2 times, most recently from 0c8b3c6 to 3b4ab62 Compare March 12, 2026 17:11
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 12, 2026

GNU testsuite comparison:

GNU test failed: tests/misc/io-errors. tests/misc/io-errors is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/date/date-locale-hour (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/cut/cut-huge-range is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/tail/tail-n0f is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 13, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/date/resolution (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/pr/bounded-memory (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

@oech3 @Ecordonnier
coreutils: Protect against env -a for security
2d60946 
Co-authored-by: Etienne Cordonnier <ecordonnier@snap.com>
@oech3 oech3 force-pushed the auxval branch 2 times, most recently from c54b52f to 2d60946 Compare March 14, 2026 12:52
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 14, 2026

GNU testsuite comparison:

Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/dd/no-allocate is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

@oech3 oech3 requested a review from Ecordonnier March 14, 2026 13:20
@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Mar 21, 2026

is this ok?

@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Mar 26, 2026

@Ecordonnier ok?

sylvestre
sylvestre reviewed Mar 26, 2026
View reviewed changes
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/pr/bounded-memory (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/tail/symlink (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

@oech3 oech3 mentioned this pull request Apr 1, 2026
Open
@Ecordonnier Ecordonnier merged commit b6c5dd1 into uutils:main Apr 4, 2026
170 checks passed
@Ecordonnier
Copy link
Copy Markdown
Collaborator

Ecordonnier commented Apr 4, 2026

@Ecordonnier ok?

yes, sorry for the delay

@Ecordonnier
Copy link
Copy Markdown
Collaborator

Ecordonnier commented Apr 4, 2026

Btw, this is not only a security fix. For instance there is a bug in Cursor which is packaged using AppImage:

The integrated terminal of cursor starts uutils-coreutils with a wrong value of arv[0]. See https://forum.cursor.com/t/argv-0-is-replaced-with-cursor-bin-appimage/44878

This is explained here:
https://github.com/AppImage/AppImageKit/wiki/Creating-AppImages/cc2441518975caca23e9ce2dba6f08a22c678d1e :

AppImages of type-2 sets the file name to ARGV0. This can cause problems in applications running zsh as a child process. In such applications, you need to create your own AppRun and unset ARGV0.

So this PR should fix this issue.

@oech3 oech3 deleted the auxval branch April 5, 2026 01:32
@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Apr 5, 2026

I think AppImage should support AT_EXECFN instead, but fixing it at here is not too bad.

@oech3
Copy link
Copy Markdown
Contributor Author

oech3 commented Apr 5, 2026

@Ecordonnier Can we mix raw and libc backends or directly use raw's execfn function? We might switch to libc backend for LD_PRELOAD GnuTests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sylvestre sylvestre sylvestre left review comments

@Ecordonnier Ecordonnier Awaiting requested review from Ecordonnier

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Incompatibility with AppArmor

4 participants

@oech3 @ChrisDryden @Ecordonnier @sylvestre