On Thu, 2008-07-10 at 15:12 +0200, Denys Vlasenko wrote:

> You misunderstood me. I said "If something can be made to use PATH"
> in a sense "if a program needs to start another program, for God's sake,
> do NOT hardcode [/usr/][s]bin prefix!" In other words:
> 
> execve("/bin/vi"...);  // BAD
> execvp("vi"...); // OK
> 
> Slightly less obvious:
> 
> char *executable_name;
> ...
> execve(executable_name...);  // BAD
> execvp(executable_name...);  // OK
> 
> You won't believe it, but I had hard time convincing people
> that second form is better in example #2.

That depends. You can make a program do things it was not designed to do
by tweaking environment variables.

If your app is suid root then you should not use execvp.

create a ~/bin/vi app that does evil things
PATH=$HOME/bin/vi <program>

if <program> does what you recommend execvp("vi"...) then we have a nice
privilege elevation bug.

-nc


_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox
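The scenario in the reply above (a planted `vi` in an attacker-controlled PATH entry picked up by an `execvp`-style lookup) reproduced as an added example. This is not code from the thread or from BusyBox: it reimplements the PATH walk that `execvp(3)` performs so the lookup result can be inspected without actually executing anything, and it puts beside it the usual hardening for set-uid code, namely ignoring the caller's PATH and searching a fixed trusted path instead. Assumed names: `search_path`, `search_path_privileged`, `is_privileged`, `make_evil_vi` and `demo` are all invented here; `_PATH_DEFPATH` / `_PATH_STDPATH` are the glibc/BSD constants from `<paths.h>`, and the demo assumes `/tmp` is writable.

```c
#define _GNU_SOURCE
#include <paths.h>      /* _PATH_DEFPATH, _PATH_STDPATH (glibc/BSD; assumption) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk a colon-separated search path the way execvp(3) does and return
 * the first entry holding an executable regular file called `name`.
 * On a hit, the full path is written to `out` and 1 is returned; else 0.
 * A name containing '/' is used as-is, exactly as execvp treats it. */
int search_path(const char *name, const char *path, char *out, size_t outsz)
{
    if (strchr(name, '/')) {
        snprintf(out, outsz, "%s", name);
        return access(name, X_OK) == 0;
    }
    if (!path)                      /* execvp falls back to a default path when PATH is unset */
        path = _PATH_DEFPATH;
    const char *p = path;
    while (*p) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (len == 0)               /* empty entry means the current directory */
            snprintf(out, outsz, "./%s", name);
        else
            snprintf(out, outsz, "%.*s/%s", (int)len, p, name);
        struct stat st;
        if (stat(out, &st) == 0 && S_ISREG(st.st_mode) && access(out, X_OK) == 0)
            return 1;
        if (!colon)
            break;
        p = colon + 1;
    }
    out[0] = '\0';
    return 0;
}

/* Hardened lookup for privileged code: when `privileged` is set, the
 * caller-supplied PATH is ignored and only a fixed trusted path is searched. */
int search_path_privileged(const char *name, const char *user_path, int privileged,
                           char *out, size_t outsz)
{
    const char *path = privileged ? _PATH_STDPATH : user_path;
    return search_path(name, path, out, outsz);
}

/* Is this process running set-uid or set-gid? (What `privileged` would be fed from.) */
int is_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Constructed attacker artifact: a throwaway directory holding a "vi" script.
 * Writes the directory path into `dir`; returns 1 on success. */
int make_evil_vi(char *dir, size_t dirsz)
{
    snprintf(dir, dirsz, "/tmp/evilbin.XXXXXX");
    if (!mkdtemp(dir))
        return 0;
    char f[512];
    snprintf(f, sizeof f, "%s/vi", dir);
    FILE *fp = fopen(f, "w");
    if (!fp)
        return 0;
    fputs("#!/bin/sh\necho pwned\n", fp);
    fclose(fp);
    return chmod(f, 0755) == 0;
}

/* Run the attack from the thread against both lookups. Returns 1 when the
 * execvp-style lookup picks the planted file and the hardened one does not. */
int demo(void)
{
    char dir[64], evil[512], found[512], attacker_path[600];
    if (!make_evil_vi(dir, sizeof dir))
        return 0;
    snprintf(evil, sizeof evil, "%s/vi", dir);
    snprintf(attacker_path, sizeof attacker_path, "%s:/usr/bin:/bin", dir);

    int naive_planted = search_path("vi", attacker_path, found, sizeof found)
                        && strcmp(found, evil) == 0;
    int hard_planted = search_path_privileged("vi", attacker_path, 1, found, sizeof found)
                       && strcmp(found, evil) == 0;

    unlink(evil);
    rmdir(dir);
    return naive_planted && !hard_planted;
}

int main(void)
{
    printf("this process is set-uid/set-gid: %s\n", is_privileged() ? "yes" : "no");
    printf("planted vi wins with PATH lookup but not with the fixed path: %s\n",
           demo() ? "yes" : "no");
    return 0;
}
```

The practical rule this illustrates: the `execvp` advice in the quoted mail is fine for an unprivileged tool, but a set-uid program must not let the invoking user's environment choose which binary runs. Either reset PATH to a known value before any `exec` (what `search_path_privileged` does with `_PATH_STDPATH`) or drop the elevated privileges before calling `execvp`.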
