From 47f743f12ecc581d15d9dedd512592f2a9ae4dcc Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Wed, 16 Aug 2017 23:18:50 +0200 Subject: [PATCH] chroot.2, clone.2, epoll_wait.2, execve.2, getgroups.2: ffix Signed-off-by: Michael Kerrisk --- man2/chroot.2 | 10 ++++++---- man2/clone.2 | 12 +++++++----- man2/epoll_wait.2 | 28 ++++++++++++++++------------ man2/execve.2 | 22 +++++++++++----------- man2/getgroups.2 | 14 ++++++++------ 5 files changed, 48 insertions(+), 38 deletions(-) diff --git a/man2/chroot.2 b/man2/chroot.2 index 503335b4c..3a465ad0a 100644 --- a/man2/chroot.2 +++ b/man2/chroot.2 @@ -104,10 +104,12 @@ so that after the call \(aq\fI.\fP\(aq can be outside the tree rooted at \(aq\fI/\fP\(aq. In particular, the superuser can escape from a "chroot jail" by doing: -.nf - - mkdir foo; chroot foo; cd .. -.fi +.PP +.in +4n +.EX +mkdir foo; chroot foo; cd .. +.EE +.in .PP This call does not close open file descriptors, and such file descriptors may allow access to files outside the chroot tree. diff --git a/man2/clone.2 b/man2/clone.2 index eb6903a0d..c80b37ed6 100644 --- a/man2/clone.2 +++ b/man2/clone.2 @@ -1214,13 +1214,15 @@ argument includes .BR CLONE_VM .) To get the truth, it was sometimes necessary to use code such as the following: .PP -.nf - #include +.in +4n +.EX +#include - pid_t mypid; +pid_t mypid; - mypid = syscall(SYS_getpid); -.fi +mypid = syscall(SYS_getpid); +.EE +.in .\" See also the following bug reports .\" https://bugzilla.redhat.com/show_bug.cgi?id=417521 .\" http://sourceware.org/bugzilla/show_bug.cgi?id=6910 diff --git a/man2/epoll_wait.2 b/man2/epoll_wait.2 index 47e4fbaa6..40828f26a 100644 --- a/man2/epoll_wait.2 +++ b/man2/epoll_wait.2 
@@ -129,22 +129,26 @@ becomes ready or until a signal is caught. The following .BR epoll_pwait () call: -.nf - - ready = epoll_pwait(epfd, &events, maxevents, timeout, &sigmask); - -.fi +.PP +.in +4n +.EX +ready = epoll_pwait(epfd, &events, maxevents, timeout, &sigmask); +.EE +.in +.PP is equivalent to .I atomically executing the following calls: -.nf +.PP +.in +4n +.EX +sigset_t origmask; - sigset_t origmask; - - pthread_sigmask(SIG_SETMASK, &sigmask, &origmask); - ready = epoll_wait(epfd, &events, maxevents, timeout); - pthread_sigmask(SIG_SETMASK, &origmask, NULL); -.fi +pthread_sigmask(SIG_SETMASK, &sigmask, &origmask); +ready = epoll_wait(epfd, &events, maxevents, timeout); +pthread_sigmask(SIG_SETMASK, &origmask, NULL); +.EE +.in .PP The .I sigmask diff --git a/man2/execve.2 b/man2/execve.2 index a2d4fa5ff..eef3c1808 100644 --- a/man2/execve.2 +++ b/man2/execve.2 @@ -721,7 +721,7 @@ The following program is designed to be execed by the second program below. It just echoes its command-line arguments, one per line. .PP .in +4n -.nf +.EX /* myecho.c */ #include @@ -737,14 +737,14 @@ main(int argc, char *argv[]) exit(EXIT_SUCCESS); } -.fi +.EE .in .PP This program can be used to exec the program named in its command-line argument: +.PP .in +4n -.nf - +.EX /* execve.c */ #include @@ -768,20 +768,20 @@ main(int argc, char *argv[]) perror("execve"); /* execve() returns only on error */ exit(EXIT_FAILURE); } -.fi +.EE .in .PP We can use the second program to exec the first as follows: .PP .in +4n -.nf +.EX .RB "$" " cc myecho.c \-o myecho" .RB "$" " cc execve.c \-o execve" .RB "$" " ./execve ./myecho" argv[0]: ./myecho argv[1]: hello argv[2]: world -.fi +.EE .in .PP We can also use these programs to demonstrate the use of a script 
@@ -791,25 +791,25 @@ To do this we create a script whose "interpreter" is our program: .PP .in +4n -.nf +.EX .RB "$" " cat > script" .B #!./myecho script-arg .B ^D .RB "$" " chmod +x script" -.fi +.EE .in .PP We can then use our program to exec the script: .PP .in +4n -.nf +.EX .RB "$" " ./execve ./script" argv[0]: ./myecho argv[1]: script-arg argv[2]: ./script argv[3]: hello argv[4]: world -.fi +.EE .in .SH SEE ALSO .BR chmod (2), diff --git a/man2/getgroups.2 b/man2/getgroups.2 index e6900adf6..9fdc0a0a8 100644 --- a/man2/getgroups.2 +++ b/man2/getgroups.2 @@ -169,12 +169,14 @@ is inherited from the parent process, and preserved across an .PP The maximum number of supplementary group IDs can be found at run time using .BR sysconf (3): -.nf - - long ngroups_max; - ngroups_max = sysconf(_SC_NGROUPS_MAX); - -.fi +.PP +.in +4n +.EX +long ngroups_max; +ngroups_max = sysconf(_SC_NGROUPS_MAX); +..EE +.in +.EE The maximum return value of .BR getgroups () cannot be larger than one more than this value.
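Review bot: In the man2/getgroups.2 hunk the added example ends with `..EE` (doubled dot), then `.in`, then a second `.EE`, whereas every other example in this patch closes with `.EE` followed by `.in`. The doubled dot is presumably not read as the `.EE` macro, so the example block likely stays open until the stray `.EE` that follows the indent reset. The removed blank lines also separated the example from the sentence starting "The maximum return value of", and nothing on the new side replaces that break. The three closing lines should read `.EE`, `.in`, `.PP`, as in the first example of the epoll_wait.2 hunk.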