Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
make syscall.ProcAttr.Files be []uintptr
all.bash passes on Linux.
things seem to compile on GOOS={darwin,windows}
R=golang-dev, mattn.jp, alex.brainman, rsc
CC=golang-dev
https://golang.org/cl/5653055
- syscall (not os) now defines the Errno type.
- the low-level assembly functions Syscall, Syscall6, and so on
return Errno, not uintptr
- syscall wrappers all return error, not uintptr.
R=golang-dev, mikioh.mikioh, r, alex.brainman
CC=golang-dev
https://golang.org/cl/5372080
On windows, the command line is passed as a single null-terminated string. While the automatic parameter escaping done by syscall.StartProcess works fine with most Windows programs, some applications do their own custom parsing of the command line, in which case the automatic escaping becomes harmful.
This CL adds a new extra CmdLine field to syscall.ProcAttr that will be used as the raw/unescaped command line if not empty.
Fixes#1849.
R=golang-dev, alex.brainman, bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4548050
The SW_HIDE parameter looks like the only way for a windows GUI application to execute a CLI subcommand without having a shell windows appearing.
R=brainman, golang-dev, bradfitzgo, rsc1
CC=golang-dev
https://golang.org/cl/4439055
- StartProcess will work with relative (to attr.Dir, not
current directory) executable filenames
- StartProcess will only work if executable filename points
to the real file, it will not search for executable in the
$PATH list and others (see CreateProcess manual for details)
- StartProcess argv strings can contain any characters
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/4306041
so that spawned processes avoid inheriting pipes.
Implement CloseOnExec.
Make file and pipe handles inheritable.
R=rsc, brainman, vincent.vanackere
CC=golang-dev
https://golang.org/cl/4126047