dave wrote:
> >char sys_string[1024];
> >...
> >bzero(sys_string,1024);
> >strcpy(sys_string,"slider 10 | fit_it -f ");
> >strcat(sys_string,fileName);
> >strcat(sys_string," -xmgr | xmgr-dynamic -source stdin&");
> >system(sys_string);
> >...
>
>
> Warning: a programming moron is about to speak:-
>
> Wouldn't the fact that you are building your string in a static buffer cause
> security probs?
> ie writing beyond the end.....of 1024,
Only if the program is going to be setuid/setgid, or is a networking
daemon.
Buffer overruns can enable the user to execute arbitrary code.
However, this isn't an issue if the person running the program has
the ability to execute arbitrary code anyhow (assuming that the
program isn't setuid/setgid).
> but then i'm not sure if:-
>
> char sys_string[1024];
>
> would be allocated on the stack anyway....
It would. Global variables, `static' local variables, and memory
allocated by malloc() are allocated in the data segment.
Other local variables, function parameters, and memory allocated by
alloca() are allocated on the stack.
--
Glynn Clements <[EMAIL PROTECTED]>
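
The overrun discussed above, avoided by building the command with a length check: an added example, not code from this thread. The helper names build_sys_string and max_file_name_len are hypothetical, and the example only builds the string; it never calls system().

```c
#include <stdio.h>
#include <string.h>

#define SYS_STRING_MAX 1024  /* same size as sys_string in the quoted code */

static const char CMD_PREFIX[] = "slider 10 | fit_it -f ";
static const char CMD_SUFFIX[] = " -xmgr | xmgr-dynamic -source stdin&";

/* Longest fileName (in bytes) that still fits with prefix, suffix and NUL. */
size_t max_file_name_len(size_t outsz)
{
    size_t fixed = (sizeof CMD_PREFIX - 1) + (sizeof CMD_SUFFIX - 1) + 1;
    return outsz > fixed ? outsz - fixed : 0;
}

/* Hypothetical helper: build the command line into out[outsz].
 * Returns 0 on success; returns -1 and leaves out empty if the result
 * would not fit, instead of writing past the end as strcat() would. */
int build_sys_string(char *out, size_t outsz, const char *fileName)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (fileName == NULL)
        return -1;
    n = snprintf(out, outsz, "%s%s%s", CMD_PREFIX, fileName, CMD_SUFFIX);
    if (n < 0 || (size_t)n >= outsz) {   /* truncated: refuse, don't run it */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char sys_string[SYS_STRING_MAX];
    char long_name[2001];               /* constructed over-long input */

    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    if (build_sys_string(sys_string, sizeof sys_string, "data.txt") == 0)
        printf("ok: %s\n", sys_string);  /* this is what system() would get */
    if (build_sys_string(sys_string, sizeof sys_string, long_name) != 0)
        printf("rejected: fileName longer than %lu bytes\n",
               (unsigned long)max_file_name_len(sizeof sys_string));
    return 0;
}
```

Rejecting an over-long fileName, rather than silently truncating it, keeps a cut-off command from ever reaching system().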