On Wed, Nov 22, 2017 at 2:45 PM, Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>> Could you also warn about popen ?
>
> I already added a cross reference from popen(3) to the Caveats section
> in system(3). I should have mentioned that before.
>
>> And mention that system(sprintf("command %s")) is a security hole
>
> That seems obviously dangerous. But don't you think it is covered by this
> text:
>
>        Any user input that is employed as part of command should be
>        carefully sanitized, to ensure that unexpected shell commands
>        or command options are not executed. Such risks are especially
>        grave when using system() from a privileged program.
> ?

Yes, but it does not avoid the temptation to use escape characters.

>> BTW escaping char is hard with shell, better to use execvp
>
> Agreed. I would not attempt escaping. Safer to allow only a whitelist
> of permitted characters from user input.

Could you therefore add:

It is particularly hard to escape arguments portably on all POSIX systems, including shell variations. It is safer to allow only a whitelist of permitted characters from user input, taking care to use a sane IFS. Only alphanumeric characters with _ @ - are believed to be safe. If you need to escape, it is better to use execvp.

Please also add a warning about IFS.

> Cheers,
>
> Michael
>
> --
> Michael Kerrisk
> Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> Linux/UNIX System Programming Training: http://man7.org/training/
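
The contrast discussed in this thread, as an added example that is not part of the original messages or of the man-pages text: the same untrusted string passed through system() and through fork() plus execvp(), alongside the proposed whitelist. The function names, the use of test(1) as a stand-in command, and the extra rejection of a leading '-' are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Whitelist from the thread: ASCII alphanumerics plus _ @ - only.
   Assumption added here: also reject a leading '-' (would read as an option). */
int is_safe_arg(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_@-";
    return s != NULL && *s != '\0' && *s != '-' && s[strspn(s, ok)] == '\0';
}

/* Unsafe pattern from the thread: input pasted into a string that sh parses. */
int nonempty_via_system(const char *user)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "test -n %s", user);
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Safer: fork + execvp hands each argument to test(1) as-is; no shell,
   so metacharacters and IFS never come into play. */
int nonempty_via_execvp(const char *user)
{
    char *const argv[] = { "test", "-n", (char *)user, NULL };
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    while (waitpid(pid, &st, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    const char *input = "x; exit 7";   /* constructed sample input */
    printf("whitelist=%d system=%d execvp=%d\n", is_safe_arg(input),
           nonempty_via_system(input), nonempty_via_execvp(input));
    return 0;
}
```

With the constructed input, the system() variant reports the exit status of the second command the shell parsed out of the string, while the execvp() variant reports test(1)'s verdict on the whole string as a single argument.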