os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)

[millerresearch]

CL 446915 fixes a security vulnerability on Windows (#56284), by rejecting environment variables containing NUL in os/exec.Cmd. In Plan 9, NULs in environment variables are not only permitted but required: the path variable uses NUL as the os.PathListSeparator character. Since the environment almost always contains path, this effectively breaks os/exec, on which go build depends.

The change has already been back-ported to 1.19.3 and 1.18.8, so those releases also won't build for Plan 9.

Plan 9 does not exhibit the vulnerability to NULs because it implements environment variables in a completely different way.

Therefore we could safely correct this issue by making the rejection of NUL conditional on runtime.GOOS != "plan9" or on os.PathListSeparator != '\000'.

[mdempsky]

@gopherbot Please backport to 1.18 and 1.19. The Windows security fix inadvertently broke Plan 9.

[gopherbot]

Backport issue(s) opened: #56550 (for 1.18), #56551 (for 1.19).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/447715 mentions this issue: os/exec: allow NUL in environment variables on Plan 9

[mdempsky]

/cc @golang/plan9 for FYI

[rsc]

If we can get a Plan 9 builder (either 386 or amd64) running on GCP VMs again, that would help with being able to run the Plan 9 tests in advance of security releases. That's #29801.

[gopherbot]

Change https://go.dev/cl/447875 mentions this issue: [release-branch.go1.18] os/exec: allow NUL in environment variables on Plan 9

[gopherbot]

Change https://go.dev/cl/447799 mentions this issue: [release-branch.go1.19] os/exec: allow NUL in environment variables on Plan 9