gabriel rosenkoetter on Mon, 17 Jun 2002 05:30:17 +0200



Re: [PLUG] unix cp function call (thanks)


On Sun, Jun 16, 2002 at 12:12:51PM -0400, Walt Mankowski wrote:
> system(3) only takes one parameter -- a pointer to a character array.
> What's the problem?

That, no matter what's in that char string, you can't trust the
environment under which the application was started (see the
previous discussion of chroot(8), LD_LIBRARY_PATH, PATH, and a
myriad of other complications), so you can't just blindly execute a
path a user gives you. system(3) is a temporary hack if it's using
user-supplied data and a security problem even if it's your own data
(for mostly the same reasons).

-- 
gabriel rosenkoetter
gr@eclipsed.net
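
The point above about inherited PATH and LD_LIBRARY_PATH, as an added example that is not part of the original message: a file copy that runs cp by absolute path through fork(2) and execve(2) with a fixed environment, instead of handing a string to system(3). The names `run_clean` and `copy_file` are hypothetical, and `/bin/cp` is an assumed location for cp.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CP_PATH "/bin/cp"   /* assumed location; adjust for the target system */

/* The child gets only this environment. Nothing is inherited, so a PATH or
 * LD_LIBRARY_PATH set by whoever started the program never reaches cp. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* Run an absolute-path program with argv passed as-is (no shell parsing).
 * Returns the child's exit status, or -1 on error or abnormal termination. */
int run_clean(const char *prog, char *const argv[])
{
    if (prog == NULL || prog[0] != '/')      /* refuse anything needing a PATH lookup */
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(prog, argv, clean_env);
        _exit(127);                          /* only reached if execve failed */
    }
    int status;
    pid_t r;
    do {
        r = waitpid(pid, &status, 0);
    } while (r < 0 && errno == EINTR);
    if (r < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Copy src to dst. "--" ends option parsing, so a file name starting
 * with '-' is treated as a name and not as a cp option. */
int copy_file(const char *src, const char *dst)
{
    char *argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
    return run_clean(CP_PATH, argv);
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s SRC DST\n", argv[0]); return 2; }
    return copy_file(argv[1], argv[2]) == 0 ? 0 : 1;
}
```

This addresses the environment variables only; it does nothing about a chroot or about who controls the files named in the arguments.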
