> If not used carefully, the system(3C) function may be responsible for
> the following security concerns:
>
> + Execution of the command is affected by the PATH, IFS and other
>   environment variables.

None of our current shells evaluates the IFS environment variable.

> PROPOSED SOLUTION:
> The system_noshell(3C) function call will be implemented to provide the
> same ease of use as the system(3C) function, via a single
> (const char *) argument. Variants of this function will be
>
> system_noshell_x(3C)
> and
> system_noshell_xv(3C)
>
> which will allow for special arguments to be passed while executing a
> file.
>
> Prototypes:
> -----------
>
> system_noshell(const char *abs_path);
>
> system_noshell_x(const char *abs_path, uint_t flags, const char *arg0,
>     ... /* const char *argn, (char *)0 */);
>
> system_noshell_xv(const char *abs_path, uint_t flags,
>     char *const argv[]);

Are these wrappers for posix_spawn? And why can't we use posix_spawn as it
is?

posix_spawn(&pid, abs_path, NULL, NULL, argv, NULL) is nearly the same as
system_noshell_xv.

If people don't use posix_spawn, why do you suspect they will use
system_noshell*?

Where is the environment set?

Why are the _x and _xv suffixes more like exec() (execl, execv: l for
list, v for a vector)?

Casper
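Added example, not part of the thread and not the proposed system_noshell(3C) code: a pair of hypothetical wrappers, noshell_spawn_v() and noshell_spawn_l(), built on posix_spawn(3C) in the shape of the system_noshell_xv/_x prototypes above (the uint_t flags word is left out, since the proposal does not say what it carries). The child inherits environ, which is one answer to "where is the environment set?", and anything but an absolute path is refused so PATH is never consulted. argument_passed_literally() demonstrates the point of the whole proposal: an argument containing shell metacharacters reaches the child verbatim, where system("/bin/echo $HOME; id") would have run id.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <spawn.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Hypothetical vector variant (shape of system_noshell_xv, minus flags).
 * The child inherits this process's environment; sanitising environ
 * beforehand is the caller's job. Returns the wait status (decode with
 * WIFEXITED/WEXITSTATUS) or -1 with errno set. */
int noshell_spawn_v(const char *abs_path, char *const argv[])
{
    pid_t pid;
    int status, rc;

    /* PATH is never searched: reject anything but an absolute path
     * rather than quietly falling back to posix_spawnp(). */
    if (abs_path == NULL || abs_path[0] != '/' || argv == NULL) {
        errno = EINVAL;
        return -1;
    }
    rc = posix_spawn(&pid, abs_path, NULL, NULL, argv, environ);
    if (rc != 0) {
        errno = rc;          /* posix_spawn returns the error, not -1 */
        return -1;
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return status;
}

/* Hypothetical list variant (shape of system_noshell_x): arg0, ...,
 * terminated by (char *)0, gathered into a vector for noshell_spawn_v(). */
int noshell_spawn_l(const char *abs_path, const char *arg0, ...)
{
    va_list ap;
    size_t n, i;
    char **argv;
    int status, saved;

    if (arg0 == NULL) {
        errno = EINVAL;
        return -1;
    }
    va_start(ap, arg0);                       /* first pass: count */
    for (n = 1; va_arg(ap, const char *) != NULL; n++)
        ;
    va_end(ap);

    argv = calloc(n + 1, sizeof(*argv));
    if (argv == NULL)
        return -1;
    argv[0] = (char *)arg0;
    va_start(ap, arg0);                       /* second pass: copy */
    for (i = 1; i < n; i++)
        argv[i] = va_arg(ap, char *);
    va_end(ap);
    argv[n] = NULL;

    status = noshell_spawn_v(abs_path, argv);
    saved = errno;
    free(argv);
    errno = saved;
    return status;
}

/* The child here happens to be /bin/sh, but it only receives "$HOME; id"
 * as positional parameter $1 and compares it against the same literal;
 * nothing ever expanded or executed it. Returns 1 if the string arrived
 * intact, 0 if not, -1 if the spawn itself failed. */
int argument_passed_literally(void)
{
    int st = noshell_spawn_l("/bin/sh", "sh", "-c",
                             "[ \"$1\" = '$HOME; id' ]",
                             "sh", "$HOME; id", (char *)0);
    if (st == -1)
        return -1;
    return WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

int main(void)
{
    int st;

    printf("literal argument reached child: %d\n", argument_passed_literally());

    /* system("/bin/echo $HOME; id") would run id; this prints the string. */
    st = noshell_spawn_l("/bin/echo", "echo", "$HOME; id", (char *)0);
    printf("echo exit status: %d\n", st == -1 ? -1 : WEXITSTATUS(st));

    /* A relative name is refused up front instead of resolved via PATH. */
    st = noshell_spawn_v("echo", (char *const[]){"echo", "hi", NULL});
    printf("relative path: %d (%s)\n", st, st == -1 ? strerror(errno) : "ok");
    return 0;
}
```

The exit-status convention follows system(3C) so existing callers that decode the wait status need no change; the open question from the thread, what the flags word would add beyond what posix_spawn's file_actions and attrp already offer, is deliberately not answered here.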