coreutils: Protect against env -a for security

[oech3]

env -a false ls does not fail. Works under masked /proc.
Closes #10135

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/tty/tty-eof (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/usage_vs_getopt (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/shuf/shuf-reservoir (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/sort/sort-stale-thread-mem (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/basenc/bounded-memory is now being skipped but was previously passing.

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)

[codspeed-hq]

Merging this PR will not alter performance

✅ 309 untouched benchmarks
⏩ 46 skipped benchmarks¹

---

_{Comparing oech3:auxval (84e2ec0) with main (7920971)}

Footnotes

1. 46 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[github-actions]

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/pr/bounded-memory is no longer failing!

[ChrisDryden]

I think it would make sense for this code to go into the validation.rs file instead of in the main.rs, then you don't have to worry about importing libc.

It would be good to have an additional integration test that shows the env -a working

[github-actions]

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/shuf/shuf-reservoir (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/sort/sort-stale-thread-mem (fails in this run but passes in the 'main' branch)
Congrats! The gnu test tests/tail/tail-n0f is now passing!

[github-actions]

GNU testsuite comparison:

Congrats! The gnu test tests/tail/tail-n0f is now passing!

[github-actions]

GNU testsuite comparison:

GNU test failed: tests/cut/bounded-memory. tests/cut/bounded-memory is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/pr/bounded-memory. tests/pr/bounded-memory is passing on 'main'. Maybe you have to rebase?
Congrats! The gnu test tests/tail/tail-n0f is now passing!

[github-actions]

GNU testsuite comparison:

GNU test failed: tests/env/env. tests/env/env is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/tail/follow-name (passes in this run but fails in the 'main' branch)

[oech3]

Is read()ing #! faster than reading /proc/self/exe?

[oech3]

I did too many conversion for file pathes. Please drop them by review...

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/date/date-locale-hour (fails in this run but passes in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Congrats! The gnu test tests/tail/pipe-f is now passing!

[github-actions]

GNU testsuite comparison:

GNU test failed: tests/misc/io-errors. tests/misc/io-errors is passing on 'main'. Maybe you have to rebase?
Skipping an intermittent issue tests/date/date-locale-hour (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/cut/cut-huge-range is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/tail/tail-n0f is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/date/resolution (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/pr/bounded-memory (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.
Note: The gnu test tests/env/env-signal-handler was skipped on 'main' but is now failing.

[github-actions]

GNU testsuite comparison:

Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/dd/no-allocate is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

[oech3]

is this ok?

[oech3]

@Ecordonnier ok?

[github-actions]

GNU testsuite comparison:

Skip an intermittent issue tests/cut/bounded-memory (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/pr/bounded-memory (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/tail/symlink (passes in this run but fails in the 'main' branch)
Note: The gnu test tests/cp/copy-FMR is now being skipped but was previously passing.
Note: The gnu test tests/shuf/shuf-reservoir is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-stale-thread-mem is now being skipped but was previously passing.
Note: The gnu test tests/sort/sort-u-FMR is now being skipped but was previously passing.

[Ecordonnier]

@Ecordonnier ok?

yes, sorry for the delay

[Ecordonnier]

Btw, this is not only a security fix. For instance there is a bug in Cursor which is packaged using AppImage:

The integrated terminal of cursor starts uutils-coreutils with a wrong value of arv[0]. See https://forum.cursor.com/t/argv-0-is-replaced-with-cursor-bin-appimage/44878

This is explained here:
https://github.com/AppImage/AppImageKit/wiki/Creating-AppImages/cc2441518975caca23e9ce2dba6f08a22c678d1e :

AppImages of type-2 sets the file name to ARGV0. This can cause problems in applications running zsh as a child process. In such applications, you need to create your own AppRun and unset ARGV0.

So this PR should fix this issue.

[oech3]

I think AppImage should support AT_EXECFN instead, but fixing it at here is not too bad.

[oech3]

@Ecordonnier Can we mix raw and libc backends or directly use raw's execfn function? We might switch to libc backend for LD_PRELOAD GnuTests.