[Bug]: With 1.118.0, execve can execute wget + echo. Post v1.129 Termux, execve of wget gives Permission denied

[SwuduSusuwu]

Problem description

For the last 2 years Fdroid, just has Termux up to 1.118.0,
but everyone kept saying that it was important to get the new Termux ( termux/termux-app#2155 at last has progress ),
thus switched to Google Store to get v1.129 of Termux

What steps will reproduce the bug?

~/ $ .git clone https://github.com/SwuduSusuwu/SubStack.git && cd ./Substack/ && ./build.sh > /dev/null
~/SubStack $ ./a.out
cxx/Macros.hxx: pass
execves(): pass
execvex(): pass
virusAnalysisTestsThrows(): pass
assistantCnsTestsThrows(): /data/data/com.termux/files/usr/bin/sh: 1: wget: Permission denied
/data/data/com.termux/files/usr/bin/sh: 1: wget: Permission denied
Trap
~/SubStack $

What is the expected behavior?

~/SubStack $ ./a.out
cxx/Macros.hxx: pass
execves(): pass
execvex(): pass
virusAnalysisTestsThrows(): pass
conversationCnsTestsThrows(): --2024-06-15 18:22:01--  https://stackoverflow.com/robots.txt
Resolving stackoverflow.com (stackoverflow.com)... 172.64.155.249, 104.18.32.7
Connecting to stackoverflow.com (stackoverflow.com)|172.64.155.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Saving to: ‘robots.txt’

robots.txt                                   [ <=>                                                                              ]   1.99K  --.-KB/s    in 0.07s

2024-06-15 18:22:02 (27.4 KB/s) - ‘robots.txt’ saved [2036]

System information

~/SubStack $ termux-info
Termux Variables:
TERMUX_EXEC__PROC_SELF_EXE=/data/data/com.termux/files/usr/bin/termux-info
TERMUX_VERSION=0.129
TERMUX__USER_ID=0
Packages CPU architecture:
aarch64
Subscribed repositories:
# sources.list
deb https://termux.net stable main
Updatable packages:
All packages up to date
termux-tools version:
3.0.7
Android version:
14
Device manufacturer:
Google
LD Variables:
LD_LIBRARY_PATH=
LD_PRELOAD=/data/data/com.termux/files/usr/lib/libtermux-exec.so

[fornwall]

@SwuduSusuwu Thanks for reporting!

For now you need to keep the LD_PRELOAD environment variable around while spawning sub processes, while currently the code clears all environment variables before calling out to sh.

A possible change is like:

diff --git a/cxx/ClassCns.cxx b/cxx/ClassCns.cxx
index fff52df..652429a 100644
--- a/cxx/ClassCns.cxx
+++ b/cxx/ClassCns.cxx
@@ -31,6 +31,14 @@ const int execves(const std::vector<const std::string> &argvS, const std::vector
        for(auto x = envpSmutable.begin(); envpSmutable.end() != x; ++x) {
                envp.push_back(const_cast<char *>(x->c_str()));
        }
+       char* ld_preload = getenv("LD_PRELOAD");
+       if (ld_preload) {
+               // Keep LD_PRELOAD, necessary for now on the Google Play build of Termux.
+               char* ld_preload_env;
+               int allocated_bytes = asprintf(&ld_preload_env, "LD_PRELOAD=%s", ld_preload);
+               assert(allocated_bytes > 0);
+               envp.push_back(ld_preload_env);
+       }
        envp.push_back(NULL);
        execve(argv[0], &argv[0], &envp[0]); /* NORETURN */
        exit(EXIT_FAILURE);

In the future we might not need this, but for now it's necessary.

[SwuduSusuwu]

In the future we might not need this, but for now it's necessary.

Cool workaround (is success,) but missed the note (that new versions might not require this;) now unsure if should have closed. Oops

[fornwall]

No problem, I think we can close this specific issue! Thanks!