Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: \"special\" shells a security hole?
Message-ID: <5608@brl-smoke.ARPA>
Date: Mon, 9-Feb-87 00:37:16 EST
Article-I.D.: brl-smok.5608
Posted: Mon Feb  9 00:37:16 1987
Date-Received: Tue, 10-Feb-87 04:16:25 EST
References: <3953@brl-adm.ARPA> <2590002@hpisod2.HP> <3037@gitpyr.gatech.EDU> <1317@ho95e.ATT.COM>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 12

In article <1317@ho95e.ATT.COM> wcs@ho95e.UUCP (46133-#Bill.Stewart,2G202,x0705,) writes:
-In article <3037@gitpyr.gatech.EDU> robert@gitpyr.UUCP (Robert Viduya) writes:
->Watch out for programs that allow shell escapes but ignore SHELL, though.
-The "system(3)" subroutine call does this, at least on V7, 4.1BSD, and
-System V Release 0 and 2.  A lot of commands use it, including /bin/mail.
-Aside from being anti-social (4.*BSD and SVR2 are old enough to know better),
-it can also be a source of bugs and/or security risks.

Quite the contrary, it is essential for system(3) to provide a well-behaved
set of semantics in order to NOT create a security hole.
Allowing its behavior to depend on an environment variable would break
many programs.