failed to run tar on Dopamine jailbroken ios15.4.1 #19

Open
swigger opened this issue Jun 6, 2023 · 1 comment
Comments


swigger commented Jun 6, 2023

Abstract

tar fails on Dopamine-jailbroken iOS 15.4.1

Details

Running tar on jailbroken iOS 15.4.1 reports:

minamishatekiiPhone:~ root# tar -czf a.tgz gen1.xml 
tar (child): gzip: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

Digging into the problem, tar calls into libiosexec!ie_execv with args ["/bin/sh", "-c", "gzip"]:

Target 0: (tar1) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = instruction step into
  * frame #0: 0x00000001026b1b50 libiosexec.1.dylib`ie_execv
    frame #1: 0x000000010252e8e4 tar1`___lldb_unnamed_symbol1055 + 52
    frame #2: 0x000000010252e79c tar1`sys_child_open_for_compress + 872
    frame #3: 0x00000001025111e4 tar1`open_archive + 600
    frame #4: 0x00000001025172e8 tar1`create_archive + 92
    frame #5: 0x0000000102530d18 tar1`main + 3692
    frame #6: 0x0000000102939ce4 dyld`start + 520
(lldb) x/s $x0
0x10256636e: "/bin/sh"
(lldb) x/s ((long*)$x1)[0]
0x10256636e: "/bin/sh"
(lldb) x/s ((long*)$x1)[1]
0x102566487: "-c"
(lldb) x/s ((long*)$x1)[2]
0x1025662d3: "gzip"
(lldb) x/s ((long*)$x1)[3]
error: failed to read memory from 0x0.

However, on iOS 15.4.1 there is no /bin/sh at all, so it fails.

Recommended solution

It's common for programs like tar to hardcode /bin/sh in their source. Fixing those in all programs is too hard.
It's better to check in ie_execve: if prog is /bin/sh, change it to DEFAULT_INTERPRETER.

Environment

iOS: 15.4.1
Dopamine version: 1.0.5
iPhone 11 64G: iPhone12,1 (A2223)

@Torrekie
Contributor

This also seems to affect some system functions like popen, which call posix_spawn using /bin/sh (_PATH_BSHELL); libiosexec will need to add a rootless popen implementation in that case.
