Prevent mutating the global environment pointer in `CommandExt::exec` and opt to use execve and resolve path manually by asder8215 · Pull Request #157144 · rust-lang/rust

asder8215 · 2026-05-30T07:04:28Z

This PR fixes the bug described in #156951 where CommandExt::exec mutating the global environment pointer could cause correctness issue with concurrent exec calls (also this function holds an environment read lock, so it shouldn't cause any writes to the global environment pointer anyways). We do everything within CommandExt::exec via execve than execvp, which means we have to resolve the path manually.

I took reference to what was done in an archived (Feb 2026) upstream mirror of glibc's execvp and execvpe. I also took reference to #55359 on how they implemented the concerned portion of CommandExt::exec with execve. There's also this OpenBSD libc implementation of execvpe that I saw, but I didn't deeply take a look at this one and saw how it differ.

Other than that, I'm unsure how to handle the error ETIMEOUT/TimedOut as glibc breaks parsing through the PATH environment variable value and returns the error while #55359 continues parsing.

Let me know if you also want me to put some of execve code in a helper function or refactor it in other ways.

…nd opt to use execve and resolve path manually

rustbot · 2026-05-30T07:04:33Z

r? @joboet

rustbot has assigned @joboet.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

Owners of files modified in this PR: @ChrisDenton, libs
@ChrisDenton, libs expanded to 8 candidates
Random selection from Mark-Simulacrum, joboet

joboet

I highly recommend having a look at the POSIX specification – GNU/Linux mostly follows that, but the specification sometimes leaves some things unspecified and we should be careful not to break those.

Also, this is currently unsound, we cannot perform any memory allocation in do_exec, since it's called after fork for the standard spawn path. You probably need to preallocate some memory when creating the Command (or when setting certain parameters).

View changes since this review

joboet · 2026-05-30T12:17:43Z

+                    None => c"/bin:/usr/bin".to_bytes_with_nul(),
+                }
+            }
+            None => parent_path.as_bytes_with_nul(),


I recommend moving the environment variable lookup here so that it's only performed when actually needed.

rustbot · 2026-05-30T12:50:15Z

Reminder, once the PR becomes ready for a review, use @rustbot ready.

…confstr_as_cstring added to get a CString value returned by confstr, added CStringArray::from_ptr, added default_path and shell_argv fields to unix Command, and refactored do_exec code

…om a single passthrough in envp, match on errno values directly instead of ErrorKind, fix shell_argv CStringArray value.

joboet · 2026-06-08T13:23:33Z

+            assert_failed(index, len);
+        }
+
+        self.ptrs.insert(index, item.into_raw());


This leaks the string if insert panics (see #155748, I made this mistake before).

View changes since the review

joboet

It's starting to look quite good!

View changes since this review

…remove confstr_as_cstr, remove unnecessary shell_argv field/funtions + unused functions from CStringArray, use slice::split to delimit on colons

…cumentation for returning an error from execve

Prevent mutating the global environment pointer in CommandExt::exec a…

50dded6

…nd opt to use execve and resolve path manually

rustbot assigned joboet May 30, 2026

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels May 30, 2026

This comment has been minimized.

Sign in to view

joboet requested changes May 30, 2026

View reviewed changes

rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 30, 2026

Perform all memory allocations necessary for do_exec before forking; …

18c1585

…confstr_as_cstring added to get a CString value returned by confstr, added CStringArray::from_ptr, added default_path and shell_argv fields to unix Command, and refactored do_exec code

rustbot added the O-unix Operating system: Unix-like label May 31, 2026

asder8215 requested a review from joboet May 31, 2026 05:02

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 31, 2026

asder8215 commented May 31, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

joboet requested changes Jun 6, 2026

View reviewed changes

rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 6, 2026

asder8215 requested a review from joboet June 8, 2026 08:36

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 8, 2026

asder8215 commented Jun 8, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/common/cstring_array.rs Outdated

This comment has been minimized.

Sign in to view

Pre-allocate a buffer with the maximum path length that we'll have fr…

8319b09

…om a single passthrough in envp, match on errno values directly instead of ErrorKind, fix shell_argv CStringArray value.

asder8215 force-pushed the commandext_exec_bug_fix branch from 213bb02 to 8319b09 Compare June 8, 2026 09:23

This comment has been minimized.

Sign in to view

asder8215 commented Jun 8, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

joboet requested changes Jun 8, 2026

View reviewed changes

rustbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Jun 8, 2026

rustbot added the S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. label Jun 8, 2026

joboet reviewed Jun 8, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

asder8215 requested a review from joboet June 9, 2026 22:31

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 9, 2026

joboet reviewed Jun 11, 2026

View reviewed changes

Comment thread library/std/src/sys/pal/unix/conf.rs Outdated

Comment thread library/std/src/sys/process/unix/common.rs Outdated

asder8215 force-pushed the commandext_exec_bug_fix branch from 46fcd5d to d818868 Compare June 11, 2026 14:44

asder8215 requested a review from joboet June 11, 2026 14:44

asder8215 force-pushed the commandext_exec_bug_fix branch from d818868 to 22776c7 Compare June 11, 2026 14:45

joboet requested changes Jun 11, 2026

View reviewed changes

Comment thread library/std/src/sys/pal/unix/conf.rs Outdated

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 11, 2026

asder8215 force-pushed the commandext_exec_bug_fix branch from 22776c7 to df73301 Compare June 11, 2026 20:13

asder8215 requested a review from joboet June 11, 2026 20:14

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 11, 2026

joboet reviewed Jun 11, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

joboet reviewed Jun 11, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

Search for PATH environment variable from maybe_envp/environ() once, …

0ecb419

…remove confstr_as_cstr, remove unnecessary shell_argv field/funtions + unused functions from CStringArray, use slice::split to delimit on colons

asder8215 force-pushed the commandext_exec_bug_fix branch from df73301 to 0ecb419 Compare June 11, 2026 22:36

asder8215 requested a review from joboet June 11, 2026 22:40

joboet reviewed Jun 12, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

Comment thread library/std/src/sys/process/unix/unix.rs

asder8215 requested a review from joboet June 12, 2026 12:38

joboet reviewed Jun 12, 2026

View reviewed changes

Comment thread library/std/src/sys/process/unix/unix.rs Outdated

asder8215 force-pushed the commandext_exec_bug_fix branch from e3d0663 to 9851b0a Compare June 12, 2026 16:19

asder8215 requested a review from joboet June 12, 2026 16:19

asder8215 force-pushed the commandext_exec_bug_fix branch from 9851b0a to b4723b8 Compare June 12, 2026 16:20

Account for paths with separator byte at the end and added further do…

df00000

…cumentation for returning an error from execve

asder8215 force-pushed the commandext_exec_bug_fix branch from b4723b8 to df00000 Compare June 12, 2026 16:21

Uh oh!

Conversation

asder8215 commented May 30, 2026 • edited by rustbot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rustbot commented May 30, 2026

Uh oh!

This comment has been minimized.

joboet left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

joboet May 30, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rustbot commented May 30, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

This comment has been minimized.

This comment has been minimized.

Uh oh!

Uh oh!

Uh oh!

joboet Jun 8, 2026 • edited by rustbot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

joboet left a comment • edited by rustbot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

asder8215 commented May 30, 2026 •

edited by rustbot

Loading

joboet left a comment •

edited

Loading

joboet Jun 8, 2026 •

edited by rustbot

Loading

joboet left a comment •

edited by rustbot

Loading