Controlling stdin and stdouts of other executables

Chip Salzenberg chip at tct.uucp
Fri May 4 02:02:30 AEST 1990


[Unix-specific; followups to comp.unix.questions]

According to dkeisen at Gang-of-Four.Stanford.EDU (Dave Eisen):
>system ("command > /dev/null 2>&1");

Beware system().  It calls /bin/sh to do its dirty work, which is one
reason it's so attractive to novice Unix programmers.  However, if
anything in the command line is non-constant, then system() usally is
a security hole.  Ignoring buffer size issues for the moment,
consider:

	sprintf(buf, "/usr/lib/sendmail -oem '%s' <%s", address, tempfile);
	system(buf);

Looks great, right?  But what if the address is "'; rm -rf $HOME; '"?
Bzzt!  You lose the security sweepstakes.  I hope you have backups...
-- 
Chip Salzenberg at ComDev/TCT   <chip%tct at ateng.com>, <uunet!ateng!tct!chip>



More information about the Comp.unix.questions mailing list