Do not clean environment when executing /system/bin/sh

Cleaning the environment from LD_PRELOAD when executing /system/bin/sh breaks things such as `popen(3)` and `system(3)`.
termux-play-store · Jul 14, 2024 · 1b4e1e8 · 1b4e1e8
1 parent dc28ec6
commit 1b4e1e8
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 19 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,15 +12,24 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: Homebrew/actions/setup-homebrew@master
+      - uses: nttld/setup-ndk@v1
+        id: setup-ndk
+        with:
+          ndk-version: r26d
+          link-to-sdk: true
       - run: brew install clang-format
-      - run: make CC=clang
-      - run: make check CC=clang
-      - run: make unit-test CC=clang
+      - run: make CC="${ANDROID_NDK_HOME}"/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android30-clang
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+      - run: make check CLANG_TIDY="${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64/bin/clang-tidy --extra-arg=--target=aarch64-linux-android29"
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+      - run: make unit-test CC=clang HOST_BUILD=1
 
   actionlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4 
+      - uses: actions/checkout@v4
       - name: Download actionlint
         id: get_actionlint
         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)

diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@
 *.deb
 test-binary
 tests/fexecve
+tests/system-uname
diff --git a/Makefile b/Makefile
@@ -1,8 +1,8 @@
 CC ?= clang
 TERMUX_BASE_DIR ?= /data/data/com.termux/files
-CFLAGS += -Wall -Wextra -Werror -Wshadow -fvisibility=hidden -std=c17 -Wno-error=tautological-pointer-compare
+CFLAGS += -Wall -Wextra -Werror -Wshadow -fvisibility=hidden -std=c17
 C_SOURCE := src/termux-exec.c src/exec-variants.c
-CLANG_FORMAT := clang-format --sort-includes --style="{ColumnLimit: 120}" $(C_SOURCE)
+CLANG_FORMAT := clang-format --sort-includes --style="{ColumnLimit: 120}" $(C_SOURCE) tests/fexecve.c tests/system-uname.c tests/print-argv0.c
 CLANG_TIDY ?= clang-tidy
 
 ifeq ($(SANITIZE),1)
@@ -11,12 +11,19 @@ else
   CFLAGS += -O2
 endif
 
+ifeq ($(HOST_BUILD),1)
+  CFLAGS += -Wno-error=tautological-pointer-compare
+endif
+
 libtermux-exec.so: $(C_SOURCE)
 	$(CC) $(CFLAGS) $(LDFLAGS) $(C_SOURCE) -DTERMUX_PREFIX=\"$(TERMUX_PREFIX)\" -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\" -shared -fPIC -o libtermux-exec.so
 
 tests/fexecve: tests/fexecve.c
 	$(CC) $(CFLAGS) -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\" $< -o $@
 
+tests/system-uname: tests/system-uname.c
+	$(CC) $(CFLAGS) -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\" $< -o $@
+
 $(TERMUX_BASE_DIR)/usr/bin/termux-exec-test-print-argv0: tests/print-argv0.c
 	$(CC) $(CFLAGS) $< -o $@
 
@@ -31,9 +38,9 @@ uninstall:
 
 on-device-tests:
 	make clean
-	ASAN_OPTIONS=symbolize=0,detect_leaks=0 make SANITIZE=1 on-device-tests-internal
+	ASAN_OPTIONS=symbolize=0,detect_leaks=0 make on-device-tests-internal
 
-on-device-tests-internal: libtermux-exec.so tests/fexecve $(TERMUX_BASE_DIR)/usr/bin/termux-exec-test-print-argv0
+on-device-tests-internal: libtermux-exec.so tests/fexecve tests/system-uname $(TERMUX_BASE_DIR)/usr/bin/termux-exec-test-print-argv0
 	@LD_PRELOAD=${CURDIR}/libtermux-exec.so ./run-tests.sh
 
 format:
@@ -43,8 +50,8 @@ check:
 	$(CLANG_FORMAT) --dry-run $(C_SOURCE)
 	$(CLANG_TIDY) -warnings-as-errors='*' $(C_SOURCE) -- -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\"
 
-test-binary: $(C_SOURCE)
-	$(CC) $(CFLAGS) $(LDFLAGS) $(C_SOURCE) -g -fsanitize=address -fno-omit-frame-pointer -DUNIT_TEST=1 -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\" -o test-binary
+test-binary: src/termux-exec.c src/exec-variants.c
+	$(CC) $(CFLAGS) $(LDFLAGS) $^ -g -fsanitize=address -fno-omit-frame-pointer -DUNIT_TEST=1 -DTERMUX_BASE_DIR=\"$(TERMUX_BASE_DIR)\" -o test-binary
 
 deb: libtermux-exec.so
 	termux-create-package termux-exec-debug.json

diff --git a/src/termux-exec.c b/src/termux-exec.c
@@ -350,7 +350,9 @@ __attribute__((visibility("default"))) int execve(const char *executable_path, c
   char executable_path_resolved_buffer[PATH_MAX];
   char const *executable_path_resolved = realpath(executable_path, executable_path_resolved_buffer);
   char const *path_to_use = executable_path_resolved ? executable_path_resolved : executable_path;
-  bool wrap_in_linker = (strstr(path_to_use, TERMUX_BASE_DIR) == path_to_use);
+  bool wrap_in_linker = (strstr(path_to_use, TERMUX_BASE_DIR) == path_to_use)
+                        // /system/bin/sh is fine, it only uses libc++, libc, and libdl.
+                        || (strcmp(path_to_use, "/system/bin/sh") == 0);
 
   // Avoid interfering with Android /system software by removing
   // LD_PRELOAD and LD_LIBRARY_PATH from env if executing something

diff --git a/tests/fexecve.c b/tests/fexecve.c
@@ -3,12 +3,15 @@
 #include <unistd.h>
 
 int main() {
-    const char* path_to_echo = TERMUX_BASE_DIR "/usr/bin/sh";
-    int fd = open(path_to_echo, O_RDONLY);
-    if (fd < 0) perror("open");
-    char* args[] = {"sh", "-c", "echo hello fexecve", NULL};
-    char* env[] = {NULL};
-    fexecve(fd, args, env);
-    perror("fexecve");
-    return 0;
+  const char *path_to_echo = TERMUX_BASE_DIR "/usr/bin/sh";
+  int fd = open(path_to_echo, O_RDONLY);
+  if (fd < 0) {
+    perror("open");
+    return 1;
+  }
+  char *args[] = {"sh", "-c", "echo hello fexecve", NULL};
+  char *env[] = {NULL};
+  fexecve(fd, args, env);
+  perror("fexecve");
+  return 0;
 }
diff --git a/tests/system-uname.c b/tests/system-uname.c
@@ -0,0 +1,6 @@
+#include <stdlib.h>
+
+int main() {
+  system("uname");
+  return 0;
+}
diff --git a/tests/system-uname.sh b/tests/system-uname.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./tests/system-uname
diff --git a/tests/system-uname.sh-expected b/tests/system-uname.sh-expected
@@ -0,0 +1 @@
+Linux