On Tue, Oct 28, 2008 at 02:44:53PM -0700, Sumanth Naropanth wrote:
> This project aims to provide a new public interface called the
> 'exec_system()'. This function will be implemented to provide the same

What's the rationale for this name?  Are there similar functions in
other Unix or Unix-like operating systems?

> ease of use as the system(3C), by defining a single (const char *)
> argument. The implementation will be a wrapper around the
> posix_spawn(3C)/waitpid(3C) functions. This interface will provide
> greater security in comparison with the system() function by avoiding
> shell invocation. Quoted arguments will be supported by using a new
> macro called 'ES_QUOTE', which will be defined as:
> 
>         #define ES_QUOTE      '\377%s\377'
> 
> The special character '\377' is chosen since it lies outside the
> printable character set. This quoting mechanism will make it harder for

Is that true for *every* character set and encoding scheme that we
support or might support?  It's true for US-ASCII and for UTF-8, for
example, but not for ISO8859-1.

So this is likely a terrible choice of quote character.  Perhaps the
only safe quote character would be NUL, and then you'd need to use NUL
NUL as the terminator (or something).

Moreover, why even have a quote character?  Make this function take a
variable number of arguments, with the last being NULL, and be done.

> arbitrarily quoted user inputs to cause execution of unintended code.
> But for whitespace, no other shell meta-characters will be supported by
> the exec_system() function.
> 
> When used inside a setuid program, the exec_system() function will drop
> privileges to those of the real user while executing the file/command.

Maybe the user ID (real or effective) to use should be an argument, as
well as whether to drop privs.

> The exec_system() implementation will extend the signal handling model
> of system(3C) and will set SIGCHLD to be blocked for the calling thread,

Why not use forkx() to avoid SIGCHLD issues altogether?

Nico
-- 
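The two points above (a 0xFF quote byte is a legitimate character in ISO8859-1, and a variadic NULL-terminated argument list needs no quoting at all) are easier to see side by side. The following is an added example written for this page; it is not code from the thread or from the OpenSolaris project, and the names es_split, es_count_args and exec_system_v are this example's own. es_split is a reconstruction of how a "\377%s\377"-formatted command string would have to be tokenized; exec_system_v is the variadic posix_spawn(3)/waitpid(2) wrapper Nico suggests instead.

```c
#include <errno.h>
#include <spawn.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

#define ES_MAX_ARGS 32
#define ES_QUOTE_BYTE '\377'   /* the proposal's quote marker, as one byte */

/*
 * Reconstruction (this example's, not the project's) of a tokenizer for the
 * proposed scheme: a run delimited by 0xFF bytes is one argument taken
 * verbatim, anything else splits on blanks. Splits cmd in place and returns
 * argc, or -1 if argv is full. In ISO8859-1 the byte 0xFF is the printable
 * letter 'y with diaeresis', so user input can legitimately contain the
 * closing quote, which ends the argument early and turns the remainder into
 * extra argv entries (argument injection, even though no shell is involved).
 */
int es_split(char *cmd, char **argv, int max)
{
    int argc = 0;
    char *p = cmd;

    for (;;) {
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '\0')
            break;
        if (argc >= max - 1)
            return -1;
        if (*p == ES_QUOTE_BYTE) {
            argv[argc++] = ++p;           /* quoted: runs to the next 0xFF */
            while (*p != '\0' && *p != ES_QUOTE_BYTE)
                p++;
        } else {
            argv[argc++] = p;             /* bare word: runs to the next blank */
            while (*p != '\0' && *p != ' ' && *p != '\t')
                p++;
        }
        if (*p != '\0')
            *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Variadic form: each C argument is exactly one argv entry, no parsing. */
static int es_build_argv(char **argv, int max, const char *path, va_list ap)
{
    int argc = 0;
    const char *a = path;

    while (a != NULL) {
        if (argc >= max - 1)
            return -1;
        argv[argc++] = (char *)a;
        a = va_arg(ap, const char *);
    }
    argv[argc] = NULL;
    return argc;
}

/* Helper to show the argv count the variadic form produces for given input. */
int es_count_args(const char *path, ...)
{
    char *argv[ES_MAX_ARGS];
    va_list ap;
    int n;

    va_start(ap, path);
    n = es_build_argv(argv, ES_MAX_ARGS, path, ap);
    va_end(ap);
    return n;
}

/*
 * Shell-free system() replacement: posix_spawn(3) path with the given
 * NULL-terminated argv, then waitpid(2) for it, retrying on EINTR. Returns
 * the child's exit status, 128+signal if it was killed, or -1 with errno set.
 */
int exec_system_v(const char *path, ...)
{
    char *argv[ES_MAX_ARGS];
    va_list ap;
    pid_t pid;
    int status, rc;

    va_start(ap, path);
    rc = es_build_argv(argv, ES_MAX_ARGS, path, ap);
    va_end(ap);
    if (rc < 0) {
        errno = E2BIG;
        return -1;
    }
    rc = posix_spawn(&pid, path, NULL, NULL, argv, environ);
    if (rc != 0) {
        errno = rc;
        return -1;
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}
```

With the constructed user input "a\377 -r \377b" (a single Latin-1 file name), the template "rm -f \377%s\377" splits into five argv entries, rm -f a -r b, so an option the caller never wrote reaches rm; the same three C arguments passed to exec_system_v yield exactly three argv entries. Dropping privileges and the SIGCHLD handling discussed above are left out here; posix_spawn attributes cannot change the user ID, so that part would need a fork-based path.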