Very Computer

by **Chip Salzenbe** » Sat, 05 May 1990 01:02:30

[Unix-specific; followups to comp.unix.questions]

Quote:>system ("command > /dev/null 2>&1");

Beware system(). It calls /bin/sh to do its dirty work, which is one
reason it's so attractive to novice Unix programmers. However, if
anything in the command line is non-constant, then system() usally is
a security hole. Ignoring buffer size issues for the moment,
consider:

sprintf(buf, "/usr/lib/sendmail -oem '%s' <%s", address, tempfile);
system(buf);

Looks great, right? But what if the address is "'; rm -rf $HOME; '"?
Bzzt! You lose the security sweepstakes. I hope you have backups...
--

by **Leslie Mikese** » Sat, 12 May 1990 03:50:38

>Beware system(). It calls /bin/sh to do its dirty work, which is one
>reason it's so attractive to novice Unix programmers. However, if
>anything in the command line is non-constant, then system() usally is
>a security hole. Ignoring buffer size issues for the moment,
>consider:
> sprintf(buf, "/usr/lib/sendmail -oem '%s' <%s", address, tempfile);
> system(buf);
>Looks great, right? But what if the address is "'; rm -rf $HOME; '"?
>Bzzt! You lose the security sweepstakes. I hope you have backups...

This brings up an interesting question: How many unix mailers will consider
the ";`|<>" characters (and spaces) to be valid address characters and
thus present them to rmail or uux on a shell command line?

Les Mikesell

Very Computer

Controlling stdin and stdouts of other executables

Controlling stdin and stdouts of other executables

Controlling stdin and stdouts of other executables