James Carlson wrote on 10/28/08 18:02:
> Sumanth Naropanth writes:
>> The system(3C) C library function invokes the shell to execute the
>> argument string supplied to it. This function is frequently used to
>> execute a file when it is not necessary to invoke the shell at all.
>> Searching through the OpenSolaris source files for the usage of the
>> system() function produces over 200 hits, a large number of which are
>> just binary executions which should rather be done in a safer way using
>> the exec(2) family of system calls.
>
> How many of those locations can use the new function without breaking
> compatibility?
>
> This is sort of a direct way of asking a more fundamental question:
> what's the usage case?
>
Places where system(3C) lead to security bugs such as 6472377 (and
related bug 6473508), 6438834, portions of 6754889, an older 4897594 and
a more recent 6751653.
(Security bugs have limited visibility outside of Sun Network)
cscope search through the OpenSolaris code shows many places where
system() is being called in an
sprintf(buf, ...); system(buf);
style with relative pathnames and user inputs. Several of these don't
use any shell meta-characters and don't required the shell. Recent bugs
like 6751653 show that newer code in the future may introduce unsafe
usages of system(3C) and those could be easily fixed via exec_system()
instead of a more elaborate fork()/exec()/waitpid() way.
Regards,
Sumanth
