Sumanth Naropanth wrote:
> Roland Mainz wrote on 05/29/09 15:39:
>
>>> If we're going to *parse* commands using spaces or what not, I vote
>>> no, right now!
>>>
>> I agree with Casper... we had that kind of proposal with |exec_system()|
>> a while ago (AFAIK in security-discuss at opensolaris.org) and that
>> proposal was "eaten&&trampled alive" (there should be always an option
>> to pass _any_ content (except '\0') via arguments and environment
>> variables and using a whitespace character for argument splitting
>> violates that).
>>
>
> Yes, we did have that discussion with exec_system(). Going by the
> popular vote at that time from the folks on [security-discuss], I
> revised it to provide the two extended interfaces (_x and _xv) in
> addition to the simpler system_noshell() function. If the arguments
> contain any special characters like quotes (or anything for that
> matter), the extended interfaces should be used.
>
You're missing the point. If the user-supplied text can contain a space
character, then it suffers from the same flaws, just not quite as
obviously.

I remain, as before, unconvinced that this problem solves the real
problem. (The real problem being that programmers don't know how to use
system() safely, or when it should not be used at all.)

In fact, based on the recent line of discussion, I actually think it
makes that problem even worse, because it doesn't solve the important
problem of dealing with spaces! (If posix_spawn is too hard, then so are
the _xv and _x versions!)

- Garrett

> -Sumanth
>