- Xref: sparky comp.unix.programmer:5225 comp.mail.mh:1269
- Newsgroups: comp.unix.programmer,comp.mail.mh
- Path: sparky!uunet!caen!batcomputer!theory.TC.Cornell.EDU!mdw
- From: mdw@theory.TC.Cornell.EDU (Matt Welsh)
- Subject: Re: setuid programs and calls...
- Message-ID: <1992Nov10.022239.24060@tc.cornell.edu>
- Sender: news@tc.cornell.edu
- Nntp-Posting-Host: theory.tc.cornell.edu
- Organization: Cornell Theory Center
- References: <1992Nov5.220832.3217@spectrum.xerox.com> <1992Nov9.031112.21835@spectrum.xerox.com> <BxG21C.n38@cck.coventry.ac.uk>
- Date: Tue, 10 Nov 1992 02:22:39 GMT
- Lines: 25
-
- In article <BxG21C.n38@cck.coventry.ac.uk> champion@cch.coventry.ac.uk (Alun) writes:
- >I didn't see the beginning of this thread so I don't know exactly what
- >you are trying to do.
- >But doesn't system(arg) run "sh -c arg" and therefore have some of the security
- >problems of a setuid shell script. You have not specified the full path to
- >"inc" so someone could write their own version of "inc" and as long as the
- >environment variable $PATH was configured properly it would run their version
- >of "inc" and not the intended one - same with "id".
- >Even if you did specify the full path it would still be susceptible to attacks
- >with $IFS.
-
- Yeah, I agree. I generally stay away from "system" and instead do a
- fork-and-execv, which is more numinous, and doesn't have the security and
- overhead of executing a shell just to run a single command.
-
- Using system() does make it easier to redirect output and run pipes via
- sh's > and | operators. If you use execv you'll have to "roll your own" to
- get that functionality.
-
- mdw
-
- --
- Matt Welsh mdw@tc.cornell.edu +1 607 253 2737
- Systems Programmer, Cornell Theory Center
- "She's like jelly roll, like sculpture!"
-