env: fix handling of real-time signals

The nix::sys::signal::Signal enum type does not cover real-time signals.
In the current env code, this means that trying to block e.g. SIGRTMIN+7
is silently ignored, apply_signal_action() silently drops signals that
cannot be represented as that enum.

However, the enum cannot simply be extended to represent the real-time
signals, because SIGRTMIN and SIGRTMAX cannot be considered constants.

To workaround this, do not use the Signal enum type, and use libc where
needed instead of the wrappers.

Fixes: #11151

Author: enr0n

src/uu/env/src/env.rs

@@ -3,7 +3,7 @@
 // For the full copyright and license information, please view the LICENSE
 // file that was distributed with this source code.
 
-// spell-checker:ignore (ToDO) chdir progname subcommand subcommands unsets setenv putenv spawnp SIGSEGV SIGBUS sigaction Sigmask sigprocmask elidable
+// spell-checker:ignore (ToDO) chdir progname subcommand subcommands unsets setenv putenv spawnp SIGSEGV SIGBUS sigaction Sigmask sigprocmask elidable sigset sigaddset sigemptyset
 
 pub mod native_int_str;
 pub mod split_iterator;
@@ -20,10 +20,7 @@ use native_int_str::{
 #[cfg(unix)]
 use nix::libc;
 #[cfg(unix)]
-use nix::sys::signal::{
-    SigHandler::{SigDfl, SigIgn},
-    SigSet, SigmaskHow, Signal, signal, sigprocmask,
-};
+use nix::sys::signal::{SigSet, SigmaskHow, Signal, sigprocmask};
 #[cfg(unix)]
 use nix::unistd::execvp;
 use std::borrow::Cow;
@@ -37,13 +34,18 @@ use std::io;
 use std::io::Write as _;
 use std::io::stderr;
 #[cfg(unix)]
+use std::mem::zeroed;
+#[cfg(unix)]
 use std::os::unix::ffi::OsStrExt;
 
 use uucore::display::{Quotable, print_all_env_vars};
 use uucore::error::{ExitCode, UError, UResult, USimpleError, UUsageError};
 use uucore::line_ending::LineEnding;
 #[cfg(unix)]
-use uucore::signals::{signal_by_name_or_value, signal_name_by_value, signal_number_upper_bound};
+use uucore::signals::{
+    realtime_signal_bounds, signal_by_name_or_value, signal_name_by_value,
+    signal_number_upper_bound,
+};
 use uucore::translate;
 use uucore::{format_usage, show_warning};
 
@@ -294,19 +296,6 @@ fn build_signal_request(
     Ok(request)
 }
 
-#[cfg(unix)]
-fn signal_from_value(sig_value: usize) -> UResult<Signal> {
-    Signal::try_from(sig_value as i32).map_err(|_| {
-        USimpleError::new(
-            125,
-            translate!(
-                "env-error-invalid-signal",
-                "signal" => sig_value.to_string().quote()
-            ),
-        )
-    })
-}
-
 fn load_config_file(opts: &mut Options) -> UResult<()> {
     // NOTE: config files are parsed using an INI parser b/c it's available and compatible with ".env"-style files
     //   ... * but support for actual INI files, although working, is not intended, nor claimed
@@ -1064,6 +1053,19 @@ fn apply_specified_env_vars(opts: &Options<'_>) {
     }
 }
 
+#[cfg(unix)]
+fn signal_is_valid(sig: usize) -> bool {
+    if Signal::try_from(sig as i32).is_err() {
+        // nix::sys::signal does not know about real-time signals, so check that
+        // ourselves.
+        if let Some((rtmin, rtmax)) = realtime_signal_bounds() {
+            return sig >= rtmin && sig <= rtmax;
+        }
+    }
+
+    true
+}
+
 #[cfg(unix)]
 fn apply_signal_action<F>(
     request: &SignalRequest,
@@ -1072,15 +1074,16 @@ fn apply_signal_action<F>(
     signal_fn: F,
 ) -> UResult<()>
 where
-    F: Fn(Signal) -> UResult<()>,
+    F: Fn(usize) -> UResult<()>,
 {
     request.for_each_signal(|sig_value, explicit| {
         // On some platforms ALL_SIGNALS may contain values that are not valid in libc.
         // Skip those invalid ones and continue (GNU env also ignores undefined signals).
-        let Ok(sig) = signal_from_value(sig_value) else {
+        if !signal_is_valid(sig_value) {
             return Ok(());
-        };
-        signal_fn(sig)?;
+        }
+
+        signal_fn(sig_value)?;
         log.record(sig_value, action_kind, explicit);
 
         // Set environment variable to communicate to Rust child processes
@@ -1096,9 +1099,14 @@ where
 }
 
 #[cfg(unix)]
-fn ignore_signal(sig: Signal) -> UResult<()> {
+fn ignore_signal(sig: usize) -> UResult<()> {
     // SAFETY: This is safe because we write the handler for each signal only once, and therefore "the current handler is the default", as the documentation requires it.
-    let result = unsafe { signal(sig, SigIgn) };
+    // nix::sys::signal::Signal does not cover real-time signals, so we need to call
+    // libc::signal directly.
+    let result = unsafe {
+        let res = libc::signal(sig as libc::c_int, libc::SIG_IGN);
+        nix::errno::Errno::result(res)
+    };
     if let Err(err) = result {
         return Err(USimpleError::new(
             125,
@@ -1109,8 +1117,13 @@ fn ignore_signal(sig: Signal) -> UResult<()> {
 }
 
 #[cfg(unix)]
-fn reset_signal(sig: Signal) -> UResult<()> {
-    let result = unsafe { signal(sig, SigDfl) };
+fn reset_signal(sig: usize) -> UResult<()> {
+    // nix::sys::signal::Signal does not cover real-time signals, so we need to call
+    // libc::signal directly.
+    let result = unsafe {
+        let res = libc::signal(sig as libc::c_int, libc::SIG_DFL);
+        nix::errno::Errno::result(res)
+    };
     if let Err(err) = result {
         return Err(USimpleError::new(
             125,
@@ -1121,9 +1134,37 @@ fn reset_signal(sig: Signal) -> UResult<()> {
 }
 
 #[cfg(unix)]
-fn block_signal(sig: Signal) -> UResult<()> {
-    let mut set = SigSet::empty();
-    set.add(sig);
+fn block_signal(sig: usize) -> UResult<()> {
+    // nix::sys::signal::Signal does not cover real time signals, so we need to build
+    // sigset_t manually using libc.
+    let set = unsafe {
+        let mut sigset: libc::sigset_t = zeroed();
+
+        if let Err(err) = nix::errno::Errno::result(libc::sigemptyset(&raw mut sigset)) {
+            return Err(USimpleError::new(
+                125,
+                translate!(
+                    "env-error-failed-set-signal-action",
+                    "signal" => (sig as i32),
+                    "error" => err.desc()
+                ),
+            ));
+        }
+        if let Err(err) =
+            nix::errno::Errno::result(libc::sigaddset(&raw mut sigset, sig as libc::c_int))
+        {
+            return Err(USimpleError::new(
+                125,
+                translate!(
+                    "env-error-failed-set-signal-action",
+                    "signal" => (sig as i32),
+                    "error" => err.desc()
+                ),
+            ));
+        }
+        SigSet::from_sigset_t_unchecked(sigset)
+    };
+
     if let Err(err) = sigprocmask(SigmaskHow::SIG_BLOCK, Some(&set), None) {
         return Err(USimpleError::new(
             125,

tests/by-util/test_env.rs

@@ -945,6 +945,21 @@ fn test_env_block_signal_flag() {
         .no_stderr();
 }
 
+#[test]
+#[cfg(any(target_os = "linux", target_os = "android"))]
+fn test_env_block_realtime_signal() {
+    new_ucmd!()
+        .env("PATH", PATH)
+        .args(&["--block-signal=SIGRTMIN+7", "true"])
+        .succeeds()
+        .no_stderr();
+    new_ucmd!()
+        .env("PATH", PATH)
+        .args(&["--block-signal=SIGRTMAX-7", "true"])
+        .succeeds()
+        .no_stderr();
+}
+
 #[test]
 #[cfg(unix)]
 fn test_env_list_signal_handling_reports_ignore() {