Follow-up Comment #12, bug #34490 (project gnustep): ShellExecuteW() sounds like the right choice on win32 to me.
regarding system(), I think the main problem is format string vulnerability… i.e. a malicious user sends you a file with a specially-constructed filename and tells you to open it, and the shell ends up executing a code snippet in the filename. for fun, here is an example with an evil filename which deletes a file called test.xxx in the current directory (you can actually create a file with that name, at least on OS X):

#include <stdlib.h>
#include <stdio.h>

/* builds a shell command line from an untrusted filename and hands it to system() */
void innocent_open_file(char *file)
{
    char buf[1024];
    sprintf(buf, "echo '%s'", file);
    printf("calling system(\"%s\");\n", buf);
    system(buf);
}

int main(int argc, const char **argv)
{
    /* the quote in the name closes echo's argument, so the rest runs as shell commands */
    char *evilfilename = "deleting file...'; rm test.xxx; echo 'done.";
    innocent_open_file(evilfilename);
    return 0;
}

Reply to this item at: <http://savannah.gnu.org/bugs/?34490>
Message sent via/by Savannah http://savannah.gnu.org/
Bug-gnustep mailing list Bug-gnustep@gnu.org https://lists.gnu.org/mailman/listinfo/bug-gnustep
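As an added example (not part of the bug comment above or of GNUstep), here is a shell-free counterpart of innocent_open_file(): the filename is passed to execvp() as its own argv entry, so the same evil name is printed literally and test.xxx survives. It assumes a POSIX system with echo on PATH; the function names run_noshell, safe_open_file and demo_survives are mine.

```c
/* Added example: run a program with the untrusted filename as a separate
 * argument, so no shell ever parses the name. POSIX only. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/stat.h>

/* Run argv[0] with the given argument vector and no shell.
 * Returns the child's exit status, or -1 on fork/exec/wait failure. */
int run_noshell(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Shell-free replacement for innocent_open_file(): echo gets the name
 * as one argv entry, so quotes and semicolons in it are just bytes. */
int safe_open_file(const char *file) {
    char *argv[] = { "echo", (char *)file, NULL };
    return run_noshell(argv);
}

/* Recreate the scenario from the thread: create test.xxx, "open" the evil
 * filename, and report whether test.xxx survived (1 = survived, -1 = error). */
int demo_survives(void) {
    const char *victim = "test.xxx";
    FILE *f = fopen(victim, "w");
    if (!f)
        return -1;
    fclose(f);
    /* same constructed filename as in the bug comment */
    const char *evilfilename = "deleting file...'; rm test.xxx; echo 'done.";
    safe_open_file(evilfilename);   /* prints the name literally */
    struct stat st;
    int survived = (stat(victim, &st) == 0);
    remove(victim);
    return survived;
}

int main(void) {
    printf("test.xxx survived: %s\n", demo_survives() == 1 ? "yes" : "no");
    return 0;
}
```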