John.Zolnowsky at sun.com wrote:
> 
> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
>     1.1. Project/Component Working Name:
>          system_noshell
>     1.2. Name of Document Author/Supplier:
>          Author:  Sumanth Naropanth
>     1.3  Date of This Document:
>         29 May, 2009
> 4. Technical Description
> I'm sponsoring this fasttrack on behalf of Sumanth Naropanth.
> This case will time out June 5, 2009.
> 
> SUMMARY:
>         Implementation of new C library functions -- system_noshell(3C)
>         (and variants) to work as secure alternatives to the system(3C)
>         function, to proactively prevent security vulnerabilities resulting
>         from unintended invocation of user shell.
[snip]
> PROPOSED SOLUTION:
>         The system_noshell(3C) function call will be implemented to provide the
>         same ease of use as the system(3C) function, via a single
>         (const char *) argument. Variants of this function will be
> 
>                 system_noshell_x(3C)
>                         and
>                 system_noshell_xv(3C)
> 
>         which will allow for special arguments to be passed while executing a
>         file.
> 
>         Prototypes:
>         -----------
> 
>         system_noshell(const char *abs_path);

1. Erm... just to be sure: "abs_path" may not contain any arguments,
right (remember the proposal for |exec_system(3C)| which was torn into
pieces by wild animals^H^H^H^H^H^H^Hengineers because it picked a random
character and used it for argument splitting (which is bad for cases
when an argument should actually contain this character))?

2. It may be nice to add a |flags| argument to this call, too (to allow
that it can be extended on demand without requiring another symbol to be
added to libc).

>         system_noshell_x(const char *abs_path, uint_t flags, const char *arg0,
>             ... /* const char *argn, (char *)0 */);
> 
>         system_noshell_xv(const char *abs_path, uint_t flags,
>             char *const argv[]);

In general: What happens with open file descriptors when they do not
have the |FD_CLOEXEC| flag set ?

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)
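An added example, not Sun's libc code and not part of the case, showing how the proposed argv and variadic forms can be built on fork/execv/waitpid so that no shell ever parses the arguments, and one answer to the open-descriptor question above. SNS_CLOSE_FDS is an assumed flag value chosen for this example, not one from the proposal.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical flag (not in the proposal): close every descriptor above
 * stderr in the child, so inherited fds lacking FD_CLOEXEC do not leak. */
#define SNS_CLOSE_FDS 0x1u

/* argv form. abs_path goes straight to execv(), so a path like "ls -l"
 * fails with ENOENT rather than being split, and arguments such as "a;b"
 * or "$(id)" reach the program literally because no shell parses them.
 * Returns the wait status (like system(3C)) or -1 on fork/wait failure. */
int system_noshell_xv(const char *abs_path, unsigned flags, char *const argv[])
{
    if (abs_path == NULL || abs_path[0] != '/' || argv == NULL) {
        errno = EINVAL; return -1;          /* absolute path required */
    }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (flags & SNS_CLOSE_FDS) {
            long maxfd = sysconf(_SC_OPEN_MAX);
            if (maxfd < 0 || maxfd > 65536) maxfd = 65536;  /* bound the sweep */
            for (int fd = 3; fd < maxfd; fd++) close(fd);
        }
        execv(abs_path, argv);
        _exit(127);  /* exec failed: same convention as system(3C) */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return status;
}

/* Variadic form: gather arg0 ... (char *)0 into an array and delegate. */
int system_noshell_x(const char *abs_path, unsigned flags, const char *arg0, ...)
{
    va_list ap; int argc = 1;
    va_start(ap, arg0);
    while (va_arg(ap, const char *) != NULL) argc++;   /* count up to the NULL */
    va_end(ap);
    const char **argv = calloc((size_t)argc + 1, sizeof *argv);
    if (argv == NULL) return -1;
    argv[0] = arg0;
    va_start(ap, arg0);
    for (int i = 1; i < argc; i++) argv[i] = va_arg(ap, const char *);
    va_end(ap);
    int rc = system_noshell_xv(abs_path, flags, (char *const *)argv);
    free(argv);
    return rc;
}
```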
