gabriel rosenkoetter on Sat, 15 Jun 2002 01:00:11 +0200


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] unix cp function call (thanks)


On Fri, Jun 14, 2002 at 05:39:03PM -0400, Bill Jonas wrote:
> On Fri, Jun 14, 2002 at 04:59:46PM -0500, Sean Finney wrote:
> > in your specific case, but I believe system passes the environment on to
> > an equivalent of '/bin/sh -c command'.
> Ah yes.  Discussed here:
> http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/January2001/article182.shtml#lfindex5

Good article, but you don't even need to google to find out what
system(3) does:

DESCRIPTION
     The system() function hands the argument string to the command inter-
     preter sh(1).  The calling process waits for the shell to finish execut-
     ing the command, ignoring SIGINT and SIGQUIT, and blocking SIGCHLD.

(That's NetBSD's man page, but I was looking at RedHat's earlier
today and it says basically the same stuff.)

system(3) is almost always a kludge. Sometimes that's okay. For
example, it got some use as a quick hack to fill in for something
to be written later for some friends of mine who were doing robotics
research at Swarthmore; the robot's running Linux.

Now, it so happened that the robot was, by way of 802.11, on a
publicly addressable network, but people were pretty non-wary of OS
security because, you know, it's a robot. Well, the robots got
hacked into repeatedly, though never because of their code. (It was
running a basic install of RH 6.2; I'm sure I could have found ways
through their various communication daemons if I'd wanted to, but I
wasn't the one trying to get in, and just hitting all the usual RH
6.2 daemons is far easier than doing any real hacking to do your
cracking.) Were it me, this 802.11 network would have been sitting
behind a firewall (which you could still get at by getting in range,
but that's a lot less likely than some random port scan off the
Internet).

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpz8UNZFW0HZ.pgp
Description: PGP signature