Path: utzoo!utgpu!water!watmath!clyde!cbosgd!cbdkc1!pmd From: pmd@cbdkc1.ATT.COM (Paul Dubuc) Newsgroups: comp.lang.c Subject: Re: system Keywords: c program Message-ID: <2768@cbdkc1.ATT.COM> Date: 19 Jan 88 19:14:03 GMT References: <127@dcrbg1.UUCP> <7118@brl-smoke.ARPA> <4790@tut.cis.ohio-state.edu> Reply-To: pmd@cbdkc1.UUCP (Paul Dubuc) Organization: AT&T Bell Laboratories; Columbus, Ohio Lines: 46 In article <4790@tut.cis.ohio-state.edu> (Lawrence V. Cipriani) writes: }>>can someone give me an example of how to use 'system' in a c program? }> }> ... }> fflush( stdout ); }> if ( system( "date" ) != 0 ) /* print a time stamp on stdout */ }> error( "cannot execute \"date\" command" ); }> ... } }System is probably one of the most abused functions in the C }library. This is an example of poor use, sorry Mr. Gwyn. There }are security problems with system() on UNIX. If the program user }sets their PATH so that it searches other than "non-standard" }directories before searching "standard" there is the potential }for running the wrong program. This is deadly if the program using }system() is setuid/setgid. } }What to do about it? When the program starts up, reset the PATH }and IFS environment variables to something sensible, use full }path names (unfortunately you will lose portability here) to the }programs you are executing. Pathnames can be isolated in a }header file so this isn't a big issue. Larry's cautions about the use of system() are well put, but these "abuses" are not inherent in that function. The same problems exist with the alternative of using the exec() family of system calls (speaking UNIX Sys V, here). Full path names must be specified with most of them (there's the loss of portability) except the "execvp()" and "execlp()" forms which use PATH, and are subject to the same security problems as system(). Unfortunately, you have to use these latter forms if what you want to exec might be a shell procedure (you get ENOEXEC) with the others in this case). The abuse that is inherent in system() is the fact that system() spawns another copy of the shell and runs your command under that shell. Needless to say this can be a tremendous waste in overhead if you don't need the facilities of the subshell to run the command (as in the above example). System() is also tempting to use because you don't have to go through the fork()/exec()/wait() sequence and handle all the possible outcomes correctly. (System() gives you less control of your child process, so there is less you have to look after, but the same results may be achieved more efficiently by isolating the fork()/exec()/wait() procedure in a subroutine.) -- Paul Dubuc {ihnp4,cbosgd}!cbdkc1!pmd