Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cmcl2!stealth.acf.nyu.edu!brnstnd
From: brnstnd@stealth.acf.nyu.edu
Newsgroups: comp.unix.questions
Subject: Re: Controlling stdin and stdouts of other executables
Message-ID: <5557:May723:12:2590@stealth.acf.nyu.edu>
Date: 7 May 90 23:12:25 GMT
References: <3967@hcx1.SSD.CSD.HARRIS.COM> <6418@star.cs.vu.nl> <1990May2.063730.5867@Neon.Stanford.EDU> <26405616.54D3@tct.uucp>
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 18

In article <26405616.54D3@tct.uucp> chip@tct.uucp (Chip Salzenberg) writes:
> According to dkeisen@Gang-of-Four.Stanford.EDU (Dave Eisen):
> >system ("command > /dev/null 2>&1");
> Beware system().
  [ points out security problems ]
> 	sprintf(buf, "/usr/lib/sendmail -oem '%s' <%s", address, tempfile);
> 	system(buf);

system() can be used safely. First, make sure your environment is
controlled. Second, add the address and the temporary file to the
environment. Finally, use

  system("exec /usr/lib/sendmail -oem \"$ADD\" < \"$TEMPFILE\"");

Spawning the process yourself is better, but as Chip points out,
system() is simpler for novices. Caveat: I haven't tested this.

---Dan