Garrett D'Amore wrote on 05/29/09 16:37:
> Sumanth Naropanth wrote:
>> Roland Mainz wrote on 05/29/09 15:39:
>>
>>  
>>>> If we're going to *parse* commands using spaces or what not, I vote
>>>> no, right now!
>>>>       
>>> I agree with Casper... we had that kind of proposal with |exec_system()|
>>> a while ago (AFAIK in security-discuss at opensolaris.org) and that
>>> proposal was "eaten&&trampled alive" (there should always be an option
>>> to pass _any_ content (except '\0') via arguments and environment
>>> variables and using a whitespace character for argument splitting
>>> violates that).
>>>
>>>     
>>
>> Yes, we did have that discussion with exec_system(). Going by the
>> popular vote at that time from the folks on [security-discuss], I
>> revised it to provide the two extended interfaces (_x and _xv) in
>> addition to the simpler system_noshell() function. If the arguments
>> contain any special characters like quotes (or anything for that
>> matter), the extended interfaces should be used.
>>   
> 
> You're missing the point.  If the user-supplied text can contain a space
> character, then it suffers from the same flaws, just not quite as
> obviously.
> 

I think the argument (on security-discuss) that Roland has mentioned is
about using whitespaces to parse inputs and tokenize strings into
argument vectors.

These functions do *not* work that way. The very initial proposal
suggested this method, but that was changed in the revised proposal. It
is possible to pass whitespaces (and other characters) as part of the
input to these functions.

Since this case has been derailed, I'll be taking this offline.

-Sumanth
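
The distinction argued in this thread, between tokenizing a string on whitespace and handing the child an explicit argument vector, shown as an added example (not part of the thread and not the proposed system_noshell() code). It uses the standard posix_spawnp(); the helper names and the sample file name are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

extern char **environ;
/* Naive approach: build argv by splitting on blanks (modifies cmd). */
int split_on_whitespace(char *cmd, char **argv, int max)
{
    int argc = 0;
    char *save = NULL;
    for (char *tok = strtok_r(cmd, " \t", &save); tok && argc < max - 1;
         tok = strtok_r(NULL, " \t", &save))
        argv[argc++] = tok;
    argv[argc] = NULL;
    return argc;
}

/* Spawn a child from an explicit vector; return how many arguments it got,
 * or -1 on failure. args become positional parameters, never command text. */
int args_seen_by_child(char *const args[], int nargs)
{
    /* sh -c 'exit $#' is used only because it reports its argument count
     * as the exit status; unused slots stay NULL and terminate the vector. */
    char *argv[16] = { "sh", "-c", "exit $#", "sh" };
    pid_t pid;
    int status;
    if (nargs < 0 || nargs > 11) return -1;
    for (int i = 0; i < nargs; i++)
        argv[4 + i] = args[i];
    if (posix_spawnp(&pid, "sh", NULL, NULL, argv, environ) != 0 ||
        waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed input: one file name that contains a space. */
int demo(int tokenize)
{
    char name[] = "report 2009.txt";
    char *argv[8] = { name, NULL };
    int n = tokenize ? split_on_whitespace(name, argv, 8) : 1;
    return args_seen_by_child(argv, n);
}

int main(void)
{
    printf("tokenized: %d args, vector: %d args\n", demo(1), demo(0));
    return 0;
}
```

The tokenized call delivers two arguments to the child for what the caller meant as one file name; the vector call delivers it intact.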
