Safe version of system(3) call.
David Sherman
dave at lsuc.UUCP
Sat Apr 27 00:59:18 AEST 1985
In article <178 at geowhiz.UUCP> karsh at geowhiz.UUCP (Bruce Karsh) writes:
||safesystem(string)
||char *string;
||{
||int status,pid;
||pid=fork();
||if(pid == 0)
|| {
|| setuid(getuid());
|| system(string);
|| }
||else
|| {
|| while (wait(&status) != pid) ;
|| }
||}
Looks OK to me, although while you're at it you should check
the SHELL environment variable, so someone who gets put into an
application when they sign on can't escape therefrom to the shell.
Also, if the fork() call fails and returns -1, the wait will
always return -1, and you'll loop forever. Not that most
UNIX programs are a heck of a lot more graceful in handling
fork failures, but at least they recognize it.
For that matter, the extra fork is unnecessary overhead. Copy
the system code (or invent it if you don't have source - it's
pretty simple), implement it in safesystem, and save a fork.
Dave Sherman
The Law Society of Upper Canada
--
{ ihnp4!utzoo pesnta utcs hcr decvax!utcsri } !lsuc!dave
More information about the Comp.unix.wizards
mailing list