Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!cs.utexas.edu!jsq From: mohta@necom830.cc.titech.ac.jp (Masataka Ohta) Newsgroups: comp.std.unix Subject: Re: qfork() Message-ID: <17707@cs.utexas.edu> Date: 7 Feb 91 03:32:11 GMT References: <17633@cs.utexas.edu> Sender: jsq@cs.utexas.edu Organization: Tokyo Institute of Technology Lines: 74 Approved: jsq@cs.utexas.edu (Moderator, John S. Quarterman) X-Submissions: std-unix@uunet.uu.net Submitted-by: mohta@necom830.cc.titech.ac.jp (Masataka Ohta) In article <17633@cs.utexas.edu> peter@ficc.ferranti.com (Peter da Silva) writes: >Subject: Re: spawn() wars... please... not again... And you have already lost the war. So, please! not again! >Leave in the >fork() call, but allow a more efficient (and, let's face it, easier to >understand) alternative: spawn(). In the last war, you can't even show a specification of spawn(), because of its complexity. Every UNIX programmer understand fork() and exec(), but can't understand spawn() without its specification. >Leave in the fork() call, So, you are not trying to eliminate fork(). You should also preserve exec(), because exec() has its own purpose and several programs are actually using it without fork(). >No. Those are the safe operations between fork() and exec() on UNIX. > >POSIX looks like it's going to comprise far more than UNIX. If fork() and exec() exists in POSIX, many (if POSIX should be useful, all) operations are safe between fork() and exec(). >Look, I know you don't like spawn(). But in a lot of environments... INCLUDING >ONES THAT ARE OTHERWISE QUITE CAPABLE OF SUPPORTING A POSIX ABI... it is *not* >possible to do a safe and efficient implementation of fork(). A lot of? Can you name them? Anyway, it is the problem of that environment. It should provide safe and inefficient implementation of fork() and safe and efficient implementation of system(). If a programmer want to squeeze extra performance in some case which can not covered by system() (dose such a case actually exist?), he can do so by not using POSIX there if he think effeciency is more important than ABI. >Let's say you define vfork() as "set a flag that all posix calls that deal >with uid, signals, files, etc... look at, so they just write a "script" of >actions to take on behalf of the new process". I can't understand what you are saying. "set a flag"? What? >> Most (perhaps, more than 90%) of cases where fork/exec is necessary >> is covered by system(). spawn() is not necessary. > > No, system() and popen() can not, ever, let you pass a set of > arguments to a program without diddling by the shell. When you > have no way of knowing whether that shell will be sh, csh, ksh, > or even rc what can you do to protect yourself? Read the manual! System() and popen() always use "/bin/sh". > Who knows, I can easily imagine DEC setting things up so a user > could set his shell to DCL and hose *everything* up. User's shell has nothing to do with the behaviour of system() nor popen(). > Using system() in programs like (for example) uucp, mail handlers, > and so on is a security hole you can drive a truck through. Yes, it can be a security hole if used improperly just like many system calls. I'm sure spawn() can also be a security hole. So what? Masataka Ohta Volume-Number: Volume 22, Number 112