From 0eebd3a28e968844ec459298ac36e16305cc07bb Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Sun, 26 Dec 2010 22:49:27 +0100
Subject: [PATCH] don't execve() a shell process but always double-fork and
 then exec the program directly

---
 action.cpp |  4 +++-
 route.c    | 10 ++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/action.cpp b/action.cpp
index b7dfc58..352efb4 100644
--- a/action.cpp
+++ b/action.cpp
@@ -1976,9 +1976,11 @@ void EndpointAppPBX::action_execute(void)
 		end_trace();
 		return;
 	}
+#if 0
 	argv[i++] = (char *)"/bin/sh";
 	argv[i++] = (char *)"-c";
 	argv[i++] = command;
+#endif
 	argv[i++] = command;
 	if ((rparam = routeparam(e_action, PARAM_PARAM))) {
 		argv[i++] = rparam->string_value;
@@ -1999,7 +2001,7 @@ void EndpointAppPBX::action_execute(void)
 		case 0:
 			/* To be shure there are no zombies created double fork */
 			if ((pid2 = fork()) == 0) {
-				execve("/bin/sh", argv, environ);
+				execve(command, argv, environ);
 			}
 			else {
 				/* Exit immediately and release the waiting parent. The subprocess falls to init because the parent died */
diff --git a/route.c b/route.c
index f72d6b0..8217ff1 100644
--- a/route.c
+++ b/route.c
@@ -1902,6 +1902,7 @@ struct route_action *EndpointAppPBX::route(struct route_ruleset *ruleset)
 	struct admin_list	*admin;
 	time_t			now;
 	struct tm		*now_tm;
+	int			pid2;
 
 	/* reset timeout action */
 	e_match_to_action = NULL;
@@ -2071,9 +2072,11 @@ struct route_action *EndpointAppPBX::route(struct route_ruleset *ruleset)
 
 				case MATCH_EXECUTE:
 				j = 0;
+#if 0
 				argv[j++] = (char *)"/bin/sh";
 				argv[j++] = (char *)"-c";
 				argv[j++] = cond->string_value;
+#endif
 				argv[j++] = cond->string_value;
 				argv[j++] = e_extdialing;
 				argv[j++] = (char *)numberrize_callerinfo(e_callerinfo.id, e_callerinfo.ntype, options.national, options.international);
@@ -2083,8 +2086,11 @@ struct route_action *EndpointAppPBX::route(struct route_ruleset *ruleset)
 				argv[j++] = isdn_port;
 				argv[j++] = e_callerinfo.imsi;
 				argv[j++] = NULL; /* check also number of args above */
-				if (execve("/bin/sh", argv, environ) == 0)
-					istrue = 1;
+				if (fork() == 0) {
+					if ((pid2 = fork()) == 0) {
+						execve(cond->string_value, argv, environ);
+					}
+				}
 				break;
 
 				case MATCH_DEFAULT:
-- 
2.13.6