| gabriel rosenkoetter on Sat, 15 Jun 2002 01:00:11 +0200 |
|
On Fri, Jun 14, 2002 at 05:39:03PM -0400, Bill Jonas wrote: > On Fri, Jun 14, 2002 at 04:59:46PM -0500, Sean Finney wrote: > > in your specific case, but I believe system passes the environment on to > > an equivalent of '/bin/sh -c command'. > Ah yes. Discussed here: > http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/January2001/article182.shtml#lfindex5 Good article, but you don't even need to google to find out what system(3) does: DESCRIPTION The system() function hands the argument string to the command inter- preter sh(1). The calling process waits for the shell to finish execut- ing the command, ignoring SIGINT and SIGQUIT, and blocking SIGCHLD. (That's NetBSD's man page, but I was looking at RedHat's earlier today and it says basically the same stuff.) system(3) is almost always a kludge. Sometimes that's okay. For example, it got some use as a quick hack to fill in for something to be written later for some friends of mine who were doing robotics research at Swarthmore; the robot's running Linux. Now, it so happened that the robot was, by way of 802.11, on a publicly addressable network, but people were pretty non-wary of OS security because, you know, it's a robot. Well, the robots got hacked into repeatedly, though never because of their code. (It was running a basic install of RH 6.2; I'm sure I could have found ways through their various communication daemons if I'd wanted to, but I wasn't the one trying to get in, and just hitting all the usual RH 6.2 daemons is far easier than doing any real hacking to do your cracking.) Were it me, this 802.11 network would have been sitting behind a firewall (which you could still get at by getting in range, but that's a lot less likely than some random port scan off the Internet). -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgpz8UNZFW0HZ.pgp
|
|