Add argv[0] fallback for current_exe() on Linux when /proc is unavailable by Ecordonnier · Pull Request #153603 · rust-lang/rust

Ecordonnier · 2026-03-09T10:20:56Z

When /proc/self/exe is not accessible (e.g., in containers with masked /proc, chroot environments, or systemd services with ProtectProc=invisible), current_exe() will now fall back to parsing argv[0] and searching PATH.

This brings the Linux implementation in line with existing Rust stdlib patterns on Fuchsia, Solaris/illumos, and AIX, which also use argv[0] when direct kernel APIs are unavailable.

Fallback strategy:

Try /proc/self/exe (fast path, existing behavior)
On NotFound error, retrieve argv[0] from env::args()
If argv[0] is absolute, use it directly
If argv[0] contains '/', resolve it as relative path against getcwd()
Otherwise, search PATH for the executable (checking execute permissions)
Return NotFound error if executable not found in PATH

This handles all common invocation patterns:

Absolute path: /usr/bin/program
Relative path: ./program or ../bin/program
PATH lookup: program (searches directories in PATH)

This maintains backward compatibility: behavior is unchanged when /proc is accessible.

Fixes #46090

rustbot · 2026-03-09T10:21:00Z

r? @Mark-Simulacrum

rustbot has assigned @Mark-Simulacrum.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

Owners of files modified in this PR: @ChrisDenton, libs
@ChrisDenton, libs expanded to 8 candidates

Mark-Simulacrum · 2026-03-22T12:43:06Z

Nominating for libs-api to discuss whether we want this or not. #152269 has some good discussion that is worth reading for that discussion, in particular #152269 (comment).

Ecordonnier · 2026-03-23T09:57:11Z

Nominating for libs-api to discuss whether we want this or not. #152269 has some good discussion that is worth reading for that discussion, in particular #152269 (comment).

Please also consider #46090 in the discussion. The comments in #152269 support the opinion that the corner-case of /proc not being present doesn't exist, while #46090 shows a real-world example of this corner-case.

…able When /proc/self/exe is not accessible (e.g., in containers with masked /proc, chroot environments, or systemd services with ProtectProc=invisible), current_exe() will now fall back to parsing argv[0] and searching PATH. This brings the Linux implementation in line with existing Rust stdlib patterns on Fuchsia, Solaris/illumos, and AIX, which also use argv[0] when direct kernel APIs are unavailable. Fallback strategy: 1. Try /proc/self/exe (fast path, existing behavior) 2. On NotFound error, retrieve argv[0] from env::args() 3. If argv[0] is absolute, use it directly 4. If argv[0] contains '/', resolve it as relative path against getcwd() 5. Otherwise, search PATH for the executable (checking execute permissions) 6. Return NotFound error if executable not found in PATH This handles all common invocation patterns: - Absolute path: `/usr/bin/program` - Relative path: `./program` or `../bin/program` - PATH lookup: `program` (searches directories in PATH) This maintains backward compatibility: behavior is unchanged when /proc is accessible. Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>

rustbot · 2026-03-24T08:03:13Z

This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed.

Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers.

nia-e · 2026-04-01T11:21:02Z

We discussed this in last week's @rust-lang/libs-api meeting and found the possible implications too finnicky, and we'd rather just require /proc to be mounted for this method. A PR to the docs to state this may be helpful, though. Thanks!

oech3 · 2026-04-01T11:42:10Z

Oh no

Ecordonnier · 2026-04-01T17:20:38Z

We discussed this in last week's @rust-lang/libs-api meeting and found the possible implications too finnicky, and we'd rather just require /proc to be mounted for this method. A PR to the docs to state this may be helpful, though. Thanks!

Can you please give some details about the finnicky implications? Especially considering that the AIX implementation in the same file already does it this way.

nia-e · 2026-04-01T21:26:56Z

This could be a security concern where current_exe is being invoked e.g. in a SUID binary. If an implementor explicitly is okay with this fallback, argv is exposed through std::env::args

Ecordonnier · 2026-04-01T21:59:48Z

This could be a security concern where current_exe is being invoked e.g. in a SUID binary. If an implementor explicitly is okay with this fallback, argv is exposed through std::env::args

And this is not a security concern for the platforms like AIX where this behavior is already implemented in the same file?

Ecordonnier · 2026-04-01T22:06:35Z

This could be a security concern where current_exe is being invoked e.g. in a SUID binary. If an implementor explicitly is okay with this fallback, argv is exposed through std::env::args

What is the security concern with suid? argv[0] being modified?

the8472 · 2026-04-01T22:17:01Z

Tier3 targets do get less attention and have less experience on tap. Maybe it is less secure, or maybe there are mitigating circumstances how argv is populated on AIX, we don't know. Either way T3 targets usually don't directly inform choices for T1 targets.

What is the security concern with suid? argv[0] being modified?

That a less privileged parent can pass arbitrary values as argv0, yes.

oech3 · 2026-04-02T05:38:38Z

Would you consider supporting AT_EXECFN at least on Linux(Android) if hijacked argv[0] is the reason to reject this PR?

rustbot assigned Mark-Simulacrum Mar 9, 2026

rustbot added O-unix Operating system: Unix-like S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Mar 9, 2026

This comment has been minimized.

Sign in to view

Ecordonnier force-pushed the eco/fix-current_exe branch from 3f3743c to 681b21f Compare March 9, 2026 10:22

Ecordonnier mentioned this pull request Mar 9, 2026

stdbuf: Search libstdbuf without /proc uutils/coreutils#11166

Closed

This comment has been minimized.

Sign in to view

Ecordonnier force-pushed the eco/fix-current_exe branch from 681b21f to 23dfde3 Compare March 9, 2026 13:28

Mark-Simulacrum added the I-libs-api-nominated Nominated for discussion during a libs-api team meeting. label Mar 22, 2026

This comment has been minimized.

Sign in to view

Ecordonnier force-pushed the eco/fix-current_exe branch from 23dfde3 to 70771c2 Compare March 24, 2026 08:03

Mark-Simulacrum added S-waiting-on-t-libs-api Status: Awaiting decision from T-libs-api and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 29, 2026

nia-e closed this Apr 1, 2026

Uh oh!

Conversation

Ecordonnier commented Mar 9, 2026

Uh oh!

rustbot commented Mar 9, 2026

Uh oh!

This comment has been minimized.

This comment has been minimized.

Mark-Simulacrum commented Mar 22, 2026

Uh oh!

Ecordonnier commented Mar 23, 2026

Uh oh!

This comment has been minimized.

rustbot commented Mar 24, 2026

Uh oh!

nia-e commented Apr 1, 2026

Uh oh!

oech3 commented Apr 1, 2026

Uh oh!

Ecordonnier commented Apr 1, 2026

Uh oh!

nia-e commented Apr 1, 2026

Uh oh!

Ecordonnier commented Apr 1, 2026

Uh oh!

Ecordonnier commented Apr 1, 2026

Uh oh!

the8472 commented Apr 1, 2026

Uh oh!

oech3 commented Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants