939684 – sys-apps/sysvinit: inittab does not support command chaining with &&, || or ;

Bug 939684 - sys-apps/sysvinit: inittab does not support command chaining with &&, || or ;

Summary: sys-apps/sysvinit: inittab does not support command chaining with &&, || or ;

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	William Hubbs

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2024-09-15 07:55 UTC by Marius Dinu
Modified:	2024-12-29 10:29 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/slicer69/sysvinit/issues/25
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marius Dinu 2024-09-15 07:55:08 UTC

A quote from the inittab man page:

---
Please note that including certain characters in the process field will result in init attempting to launch a shell to interpret the command contained in the process field.  The characters which will trigger a shell are: ˜‘!$ˆ&*()=|}[];
---

According to this quote, inittab should support command chaining.

Add this to /etc/inittab:

ww:c:once:echo TEST1a ; echo TEST1b
wx:c:once:echo TEST2a && echo TEST2b
wy:c:once:/bin/false || echo TEST3
wz:c:once:echo TEST4 > /dev/tty11

Then run:

telinit c

Expected output:

TEST1a
TEST1b
TEST2a
TEST2b
TEST3

... on current console and:

TEST4

... on tty11

Actual output:

TEST1a
TEST2a

There is no TEST1b, TEST2b, TEST3 or TEST4.

Thank you.

Comment 1 Enne Eziarc 2024-09-15 15:42:10 UTC

Looking at the source (init.c line 1103) it seems to be a logic error: sysvinit does spawn a shell (as documented), but first it prepends "exec " to the whole command line (this part isn't), which smells like premature optimization to me.

That means the only way it's ever going to execute more than one command is if you shell-inject a prefix that causes the exec to fail. I don't have any sysvinit systems, but I'm pretty confident that if you add "wv:c:once:/notfound && echo TEST5" it'll produce output.

Comment 2 Marius Dinu 2024-09-15 18:27:13 UTC

I'm using sh -c "command && command", but I'm hoping this gets fixed.

Comment 3 Marius Dinu 2024-09-15 18:36:43 UTC

Is this the source you're looking at?
https://github.com/slicer69/sysvinit/

What's the procedure in this case? Should I report it there?

Comment 4 Enne Eziarc 2024-09-15 20:15:13 UTC

(In reply to Marius Dinu from comment #3)
> Is this the source you're looking at?
> https://github.com/slicer69/sysvinit/
> 
> What's the procedure in this case? Should I report it there?

I'm going by what `emerge --fetchonly sysvinit` grabbed, which looks to be that one. The git log says this code's been like that for 15+ years (probably much longer, as github seems to be showing incomplete history), but I'd say go ahead and report it there anyway.

Fixing this has a small but non-zero chance of surprising people inadvertently reliant on the broken behaviour, but that'd also happen if they switched to something else with inittab support (busybox, systemd, upstart).

Comment 5 Sam James archtester

2024-09-17 21:59:32 UTC

Yes, please do (and link it here).

Comment 6 Marius Dinu 2024-09-18 17:37:15 UTC

https://github.com/slicer69/sysvinit/issues/25
Waiting for v3.11 release.

The command chaining fix is here:
https://github.com/slicer69/sysvinit/commit/24234e7eb320e59d5944281024e3246c1827cdd7
The man page fix is here:
https://github.com/slicer69/sysvinit/commit/65cac9970edd3be9d671719300a4ce4b6c7aeb85

I'm going to test them this weekend, ahead of official release.

Comment 7 Sam James archtester

2024-09-18 17:39:36 UTC

Many thanks.

Comment 8 Marius Dinu 2024-12-29 10:29:57 UTC

sysvinit-3.12-r1.ebuild is available. Closing this issue.