Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site geowhiz.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!uwvax!geowhiz!karsh
From: karsh@geowhiz.UUCP (Bruce Karsh)
Newsgroups: net.unix-wizards
Subject: Safe version of system(3) call.
Message-ID: <178@geowhiz.UUCP>
Date: Sat, 20-Apr-85 20:44:12 EST
Article-I.D.: geowhiz.178
Posted: Sat Apr 20 20:44:12 1985
Date-Received: Tue, 23-Apr-85 01:34:22 EST
Distribution: net
Organization: UW Madison, Geology Dept.
Lines: 34


  If you call the system(3) service from a program that is
setuid'ed to root, the argument of the call runs with root
privleges.  I wrote a protected version of system(3) that
I think is secure, and does what you would expect.  Is this
really secure, does it really do what one would expect, and
is this really the best way to do it?  I'd appreciate any
comments.

  For the record, we are running System III on a Masscomp.
It would be nice if this routine didn't care which flavor
of UN*X it ran on.

safesystem(string)
char *string;
{
int status,pid;
pid=fork();
if(pid == 0)
  {
  setuid(getuid());
  system(string);
  }
else
  {
  while (wait(&status) != pid) ;
  }
}
-- 
Bruce Karsh                           |
U. Wisc. Dept. Geology and Geophysics |
1215 W Dayton, Madison, WI 53706      | This space for rent.
(608) 262-1697                        |
{ihnp4,seismo}!uwvax!geowhiz!karsh    |