Sumanth Naropanth wrote:
> Thanks for all your inputs. I'll post a revised proposal after working
> on the open issues.
> 

Here is the revised proposal for the C library interface I'd like to
provide as a secure alternative to the system(3C) function.

In light of some of the comments received, I've removed the quoting
functionality completely. No shell meta-characters will be supported and
whitespace within argument strings will be interpreted as a delimiter.

I'd like to introduce three functions with the following prototypes:

        system_noshell(const char *abs_path)

        system_noshell_x(const char *abs_path, uint_t flags, ...)

        system_noshell_xv(const char *abs_path, uint_t flags,
            char *const argv[])


system_noshell() uses a single (const char *) like system(3C), while
system_noshell_x() and system_noshell_xv() provide extended interfaces
to execute files with special characters in the arguments, including quotes.

system_noshell_x() may be called with a variable number of arguments and
system_noshell_xv() is an execv() style interface that takes an array of
pointers to null-terminated strings.

The 'flags' variable can be used to specify the uid to execute the file,
when the functions are called inside setuid programs. The interface will
define flags 'SN_REAL_ID' and 'SN_EFFECTIVE_ID' to pass the uid
arguments. This field may be extended as new options are defined for the
interface.

As described in the first draft, an absolute path will be required for
the file to be executed. Signal handling will be done as discussed
earlier. The interfaces will be implemented via posix_spawn(3C) and its
extensions.

If there are any comments on the updates or otherwise, please share. Thanks!

-Sumanth

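An added illustration (my own sketch, not the proposal's implementation) of how system_noshell() and system_noshell_xv() could sit on top of posix_spawn(3C): the single-string form splits on whitespace only, so shell metacharacters reach the child as literal argument text. It assumes the child's exit status is the return value, a 63-argument limit, and leaves the SN_REAL_ID/SN_EFFECTIVE_ID uid handling unmodelled.

```c
#include <errno.h>
#include <spawn.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Run abs_path directly via posix_spawn(3C), no shell involved. Returns the
 * child's exit status, 128+signal if it was killed, or -1 with errno set.
 * 'flags' is accepted for interface parity only (uid switching not modelled). */
int system_noshell_xv(const char *abs_path, unsigned int flags, char *const argv[])
{
    pid_t pid;
    int status, err;
    (void)flags;
    if (abs_path == NULL || abs_path[0] != '/' || argv == NULL || argv[0] == NULL) {
        errno = EINVAL;       /* absolute path and non-empty argv are required */
        return -1;
    }
    err = posix_spawn(&pid, abs_path, NULL, NULL, argv, environ);
    if (err != 0) { errno = err; return -1; }   /* e.g. ENOENT; no child created */
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    return -1;
}

/* system(3C)-style single-string form: the string is split on whitespace only.
 * Shell metacharacters such as ';', '|', '$' and quotes reach the program as
 * literal argument text. Assumption: argv[0] is the path, at most 63 arguments. */
int system_noshell(const char *cmdline)
{
    char buf[4096], *argv[64], *p;
    size_t n = 0;
    if (cmdline == NULL || strlen(cmdline) >= sizeof buf) { errno = E2BIG; return -1; }
    strcpy(buf, cmdline);
    for (p = buf; *p != '\0' && n < 63; ) {
        while (*p == ' ' || *p == '\t' || *p == '\n') p++;   /* skip delimiters */
        if (*p == '\0') break;
        argv[n++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t' && *p != '\n') p++;
        if (*p != '\0') *p++ = '\0';                         /* terminate token */
    }
    argv[n] = NULL;
    if (n == 0) { errno = EINVAL; return -1; }
    return system_noshell_xv(argv[0], 0, argv);
}
```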
