Nicolas Williams wrote:
> On Mon, Mar 26, 2007 at 04:50:08PM -0400, Wyllys Ingersoll wrote:
>> Durga Deep Tirunagari wrote:
>>> Folks,
>>>
>>> we were running LINT against our code and it spewed out the following 
>>> warning:
>>>
>>> warning: avoid using system() as it invokes the shell (E_SEC_SHELL_WARN)
>>>
>>> Here is the code snippet:
>>>
>>>
>>>                 sprintf (start_command,"%s", "/opt/SUNWdsee/start-slapd");
>>>                 (void) system(start_command);
>>>
>>> Any suggestions on getting rid of this warning ?
>>>
>>> _Durga
>>
>> The obvious way is to not use the "system" command at all.  Try to find a
>> better way to exec the command that doesn't involve invoking a shell.
> 
> Although in this particular case it seems safe and you could use a
> LINTED comment to shut up lint.  Then one might worry that someone could
> later make this usage of system() no longer safe and then the lint
> directive will prevent detection of the problem.  Better to use
> posix_spawn(3C), or just fork(2) and exec(2) the thing.

Just in case this isn't clear: The reason we [1] put this warning in 
lint is that the string passed to system() is interpreted by the shell. 
If it is derived from user input, an attacker could include characters 
with special meaning to the shell in order to cause the program to do 
unintended things. That's not an issue with this particular usage, which 
calls system() with a fixed string.

        Scott

[1] Joep Vesseur and I added the -errsecurity option to lint about four 
years ago.
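The replacement Nico and Scott suggest, as an added example that is not code from the original thread: the fixed command from the snippet is started with posix_spawn(3C) instead of system(), so no shell ever parses the command string and any argument is delivered to the program as a literal argv element. Linux, Solaris and the BSDs provide posix_spawn; the start-slapd path is the one from the thread and will not exist on a test machine.

```c
/* Added example (not from the original thread): spawn the start-slapd
 * command directly rather than through system()/the shell. */
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Run `path` with the given argv and wait for it.  No shell is involved:
 * characters such as ';', '|' or '$' inside an argument reach the program
 * unchanged, which is exactly what lint's E_SEC_SHELL_WARN is about.
 * Returns the child's exit status (0..255), 128+signal if it was killed,
 * or -1 if the spawn or wait failed (error code stored in *err if given). */
int run_without_shell(const char *path, char *const argv[], int *err)
{
    pid_t pid;
    int rc = posix_spawn(&pid, path, NULL, NULL, argv, environ);
    if (rc != 0) {                 /* posix_spawn returns the errno value */
        if (err) *err = rc;
        return -1;
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) {
        if (err) *err = errno;
        return -1;
    }
    if (WIFEXITED(status))   return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    /* The command from the thread, passed as an argv array, not a string. */
    char *const argv[] = { "/opt/SUNWdsee/start-slapd", NULL };
    int err = 0;
    int st = run_without_shell(argv[0], argv, &err);
    if (st < 0)
        fprintf(stderr, "spawn failed: %s\n", strerror(err));
    else
        printf("start-slapd exited with status %d\n", st);
    return st == 0 ? 0 : 1;
}
```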
