
Safer system()

Safer system()

Posted Apr 8, 2016 21:56 UTC (Fri) by giraffedata (guest, #1954)
In reply to: Safer system() by epa
Parent article: Security quotes of the week

I don't know about you, but for me, the special characters are the very reason I use system when I'm in a hurry. Recreating the shell's I/O redirection and piping, in particular, is a great deal of work.

There should be a libc function for doing all that with C data structures instead of text strings.



Safer system()

Posted Apr 9, 2016 12:44 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

The problem is you don't know what shell you're going to get. Can't use bash-isms, you might get csh, rc, or some other setup. And if you want nice high-level structures to be provided by the standard library…why are you using C (there isn't even an associative array in there!)? I've heard that libuv is useful for doing process stuff (though it has trouble with collecting output, but then system doesn't help you there either).

Safer system()

Posted Apr 9, 2016 14:03 UTC (Sat) by anselm (subscriber, #2796) [Link]

> The problem is you don't know what shell you're going to get. Can't use bash-isms, you might get csh, rc, or some other setup.

According to system(3), you get /bin/sh. That may or may not be bash (so it's probably advisable to stay away from bashisms) but it is reasonable to assume that it is something Bourne-like, i.e., not csh or rc.

Safer system()

Posted Apr 9, 2016 16:12 UTC (Sat) by giraffedata (guest, #1954) [Link]

> The problem is you don't know what shell you're going to get.

I guess it wasn't clear that my proposal is not to involve a shell, but to have C library functions to do the things that C programmers use a shell for (via system) today.

> And if you want nice high-level structures to be provided by the standard library…why are you using C (there isn't even an associative array in there!)?

The structures I'm thinking of are not especially high level. They're the arguments to exec, for example. Maybe FILE pointers for I/O redirection. Perhaps a list of structs each containing exec arguments for forking a set of processes connected in a pipeline.

When people decide that this level of sophistication is above what C is good for, the language they usually choose instead is shell, and then they get exactly what people are complaining about with system: if you aren't really careful about the variables in a statement of a shell program, the program will do something very different from what you expected. So staying low-level seems to be the goal.
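
The interface sketched in the comment above (a list of structs, each holding exec arguments, run as a pipeline with no shell) can be built from POSIX calls. This is an added example, not code from the thread or from any libc; `run_pipeline`, `struct stage` and `demo` are hypothetical names, and the demo assumes `echo` and `tr` are on the PATH.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct stage { char *const *argv; };  /* one process: an exec-style argument vector */

/* Run st[0] | ... | st[n-1] with no shell; returns the last stage's exit status or -1. */
int run_pipeline(const struct stage *st, size_t n, int out_fd)
{
    pid_t pids[8];
    size_t i = 0;
    int prev = -1, status, result = -1;   /* prev: read end feeding the next stage */
    if (n == 0 || n > sizeof pids / sizeof *pids) return -1;
    for (; i < n; i++) {
        int last = (i + 1 == n), p[2] = { -1, out_fd };
        if (!last && pipe(p) < 0) break;
        if ((pids[i] = fork()) == 0) {                    /* child */
            if (prev > 0) { dup2(prev, STDIN_FILENO); close(prev); }
            if (p[1] != STDOUT_FILENO) { dup2(p[1], STDOUT_FILENO); close(p[1]); }
            if (!last) close(p[0]);
            execvp(st[i].argv[0], st[i].argv);            /* arguments passed verbatim */
            _exit(127);                                   /* exec failed */
        }
        if (prev >= 0) close(prev);                       /* parent drops its pipe ends */
        if (!last) close(p[1]);
        prev = p[0];
        if (pids[i] < 0) break;                           /* fork failed */
    }
    if (prev >= 0) close(prev);
    for (size_t k = 0; k < i; k++)                        /* reap every started child */
        if (waitpid(pids[k], &status, 0) == pids[k] && k + 1 == n)
            result = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return result;
}

/* Constructed demo: argv[1] is full of shell metacharacters, none are interpreted. */
int demo(char *buf, size_t cap)
{
    char *echo_argv[] = { "echo", "a.txt; echo injected | wc", NULL };
    char *tr_argv[] = { "tr", "a-z", "A-Z", NULL };
    struct stage st[] = { { echo_argv }, { tr_argv } };
    int fds[2];
    if (pipe(fds) < 0) return -1;
    int rc = run_pipeline(st, 2, fds[1]);
    close(fds[1]);
    ssize_t len = read(fds[0], buf, cap - 1);   /* output is short: one read suffices */
    close(fds[0]);
    buf[len > 0 ? len : 0] = '\0';
    return rc;
}
int main(void) { char b[128]; demo(b, sizeof b); return write(1, b, strlen(b)) < 0; }
```

Passing the same string to system() would instead hand the `;` and `|` to /bin/sh for interpretation.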

Safer system()

Posted Apr 9, 2016 21:05 UTC (Sat) by lsl (subscriber, #86508) [Link]

> And if you want nice high-level structures to be provided by the standard library…why are you using C (there isn't even an associative array in there!)?

Well, there's hsearch(3) and tsearch(3). Not that those are particularly nice but they're standardized (in POSIX) and virtually every libc provides them.

Libpipeline

Posted Apr 19, 2016 17:05 UTC (Tue) by sil (guest, #99047) [Link]

This is precisely what Colin Watson's libpipeline is: details at http://libpipeline.nongnu.org/.

