On Oct 17, 2008, at 5:55 PM, Jonathon Kuo wrote:
> If the coder doesn't take care to use fully qualified pathnames like /bin/rm, etc., then it opens the door to security issues. That's not an inherent problem with system(), per se, but the coder. Wouldn't fork()/exec() and NSTask also suffer from this same issue?
Yes, but system() makes the problem so hard as to be unsolvable. Because it invokes a shell, you must be extremely careful about sanitizing what you pass to it. However, because it invokes a shell, it's almost impossible to know with 100% certainty *how* to perform that sanitization.
Don't use system() in cases like this. It's dangerous and almost always overkill. The original poster will need to implement a helper tool anyway to be used properly with AuthorizationExecuteWithPrivileges; that helper tool can just make the appropriate calls to unlink() when it's passed a properly-acquired-and-validated right.
-- Chris
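The following is an added example, not part of the original message or the poster's code: it removes a file whose name is full of shell metacharacters, once with unlink() and once with fork()/execv() on an absolute path, so no shell ever parses the name. The function names, the sample file name and the temporary directory under /tmp are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700                /* mkdtemp, lstat */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: a legal file name full of characters /bin/sh would act on. */
#define AWKWARD_NAME "notes; $(date) `x` 'q' *.txt"

/* Direct syscall: the path is an opaque byte string, nothing parses it. */
int remove_with_unlink(const char *path) { return unlink(path) == 0 ? 0 : -1; }

/* fork()/execv(): absolute program path, argv array, no shell involved.
 * "--" stops rm from treating a name that starts with '-' as an option. */
int remove_with_exec(const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "rm", "--", (char *)path, NULL };
        execv("/bin/rm", argv);
        _exit(127);                      /* reached only if execv failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int file_exists(const char *path) { struct stat st; return lstat(path, &st) == 0; }

/* Create the awkward file in a fresh temp dir, remove it with `remover`,
 * and return 0 only if it existed before and is gone afterwards. */
int demo(int (*remover)(const char *)) {
    char dir[] = "/tmp/noshell.XXXXXX", path[128];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/%s", dir, AWKWARD_NAME);
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    int ok = file_exists(path) && remover(path) == 0 && !file_exists(path);
    rmdir(dir);
    return ok ? 0 : -1;
}

int main(void) {
    printf("unlink: %d, fork/execv: %d\n",
           demo(remove_with_unlink), demo(remove_with_exec));
    return 0;
}
```

Neither function needs any quoting or escaping of the name, which is the sanitization step that system() would require and that the message above describes as nearly impossible to get right.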