Path: utzoo!mnetor!uunet!husc6!mit-eddie!ll-xn!ames!ucbcad!pasteur!ucbvax!cbosgd!osu-cis!tut!lvc From: lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani) Newsgroups: comp.lang.c Subject: Re: system Message-ID: <4790@tut.cis.ohio-state.edu> Date: 19 Jan 88 13:10:27 GMT References: <127@dcrbg1.UUCP> <7118@brl-smoke.ARPA> Organization: The Ohio State University Dept of Computer and Information Science Lines: 29 Keywords: c program In article <7118@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes: >In article <127@dcrbg1.UUCP> bcf2303@dcrbg1.UUCP (Wing Chow) writes: >>can someone give me an example of how to use 'system' in a c program? > > ... > fflush( stdout ); > if ( system( "date" ) != 0 ) /* print a time stamp on stdout */ > error( "cannot execute \"date\" command" ); > ... System is probably one of the most abused functions in the C library. This is an example of poor use, sorry Mr. Gwyn. There are security problems with system() on UNIX. If the program user sets their PATH so that it searches other than "non-standard" directories before searching "standard" there is the potentional for running the wrong program. This is deadly if the program using system() is setuid/setgid. What to do about it? When the program starts up, reset the PATH and IFS environment variables to something sensible, use full path names (unfortunately you will lose portability here) to the programs you are executing. Pathnames can be isolated in a header file so this isn't a big issue. -- Larry Cipriani, AT&T Networks Systems (by day) Ohio State University (by night) Domain: lvc@tut.cis.ohio-state.edu Path: ...!cbosgd!osu-cis!tut.cis.ohio-state.edu!lvc (yes its right)