On Wed, Nov 22, 2017 at 2:45 PM, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.com> wrote:
>> Could you also warn about popen ?
>
> I already added a cross reference from popen(3) to the Caveats section
> in system(3). I should have mentioned that before.
>
>> And mention that system(sprintf("command %s")) is a security hole
>
> That seems obviously dangerous. But don't you think it is covered by this 
> text:
>
>        Any user input that is employed as part of command should be carefully
>        sanitized, to ensure that unexpected shell commands or command options
>        are not executed. Such risks are especially grave when using system()
>        from a privileged program.
> ?

Yes, but it does not avoid the temptation to use escape characters.
>
>> BTW escaping char is hard with shell, better to use execvp
>
> Agreed. I would not attempt escaping. Safer to allow only a whitelist
> of permitted characters from user input.

Could you therefore add:
It is particularly hard to escape arguments portably on all POSIX
systems, including shell variations. It is safer to allow only a
whitelist of permitted characters from user input, taking care to use a
sane IFS. Only alphanumeric characters with _ @ - are believed to be safe.
If you need to escape, it is better to use execvp.

Please also add a warning about IFS.


>
> Cheers,
>
> Michael
>
> --
> Michael Kerrisk
> Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> Linux/UNIX System Programming Training: http://man7.org/training/
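The two patterns discussed in this thread side by side, as an added example that is not part of the exchange or of the man-pages text: the `system(sprintf("command %s", ...))` form that interpolates user input into a shell command line, and the alternative the reply recommends, a whitelist of alphanumerics plus `_`, `@` and `-` followed by `execvp` with a separate argument vector so no shell parses the input. The function names (`list_file_vulnerable`, `is_safe_arg`, `list_file_safe`) are hypothetical, and rejecting a leading `-` is this example's own addition to the thread's whitelist, so that a value cannot be read as a command option.

```c
/* Added example, not from the thread. Vulnerable system() use beside a
 * whitelist + execvp alternative. Function names are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable form: user_input becomes part of a line that /bin/sh parses,
 * so shell metacharacters in it are interpreted as shell syntax. */
int list_file_vulnerable(const char *user_input)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ls -l %s", user_input);
    return system(cmd);
}

/* Whitelist from the thread: only [A-Za-z0-9], '_', '@' and '-' pass.
 * Added here: an empty string or a leading '-' is rejected too, so the
 * value cannot be parsed by the program as an option. */
int is_safe_arg(const char *s)
{
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '_' || c == '@' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened form: validate, then fork/execvp with an argv array. No shell
 * runs, so quoting, escaping and IFS do not apply to the argument.
 * execvp still searches PATH for "ls"; a privileged program should use
 * an absolute path (or execv) and a trusted environment.
 * Returns the wait status, or -1 with errno set. */
int list_file_safe(const char *user_input)
{
    if (!is_safe_arg(user_input)) {
        errno = EINVAL;
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ls", "-l", (char *)user_input, NULL };
        execvp(argv[0], argv);
        _exit(127);          /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return status;
}

int main(int argc, char **argv)
{
    /* Constructed inputs: a benign name and a shell-injection attempt. */
    const char *inputs[] = { "report_2017@host-1", "x; id" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-22s whitelist=%d\n", inputs[i], is_safe_arg(inputs[i]));
    }
    if (argc > 1) {
        /* Only the validated path is exercised on a caller-supplied value. */
        int st = list_file_safe(argv[1]);
        if (st < 0)
            perror("list_file_safe");
    }
    return 0;
}
```

Running the program with an argument such as `x; id` returns `-1` with `errno == EINVAL` from `list_file_safe`, whereas `list_file_vulnerable` would hand the same string to the shell; the check happens before any process is created.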
