Subject: Re: system(3) caveat
To: None <tech-userlevel@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 05/11/2006 10:01:11
> in system(3) it says
> Never supply the system() function with a command containing any part of
> an unsanitized user-supplied string. Shell meta-characters present will
> be honored by the sh(1) command interpreter.
> and I'm wondering if 'Never' means 'NEVER!', or if its ok to do that
> in my case, which is that I'm providing a user program that will act
> on an event by running a command that the user provides..
Provided all you pass to system() is the user-provided string, you
should be OK. The warning is against things like
without first verifying that user_provided_hostname is free of shell
> The command is not a suid program, is there a particular security
> issue I should be aware of?
The only one that comes to mind is that this allows the user to run
arbitrary shell commands. This is not normally a risk, but if this
gets used in an environment where some users have restricted shells
that allow them to execute only certain commands, it could open up a
way for them to bypass that restriction.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B