On Sun, 04 May 2014 18:01:22 +0200
7heo <7...@mail.com> wrote:

> That's something any suckless software should never do. User
> hand-holding is contrary to the suckless philosophy, as far as I know,
> and any command that can execute other commands (such as watch(1),
> sudo(8), exec (shell builtin), and so on) should be used with extreme
> caution, as WITH ANY OTHER BINARY/SCRIPT.

Agreed!

> If your software is going to keep system(), you should document that and
> warn the user about the possibility of an injection in the parameters if
> the called binaries are not behaving safely.

I'll add this to the README/manpage.

> The other solution to drop system() (and use execve(2) or any other
> calls to it - exec(3), along with execl, execlp, execle, execv, execvp,
> execvpe - to call a shell script or binary that does what you want for
> each file type) that Chris seems to want would defer the problem to the
> script, which, if it is behaving unsafely, will be introducing the same
> security issues.

Well, then you lose the flexibility of the shell for the most part.
Given this is factually a non-issue if you take care of what you write,
keeping system() is the way to go.
Using soap to only call external shell-scripts kind of defeats the
purpose and only pushes the non-problem on a different stack.

For single commands + arguments, the exec*-calls are definitely
superior, though!

Cheers

FRIGN

-- 
FRIGN <d...@frign.de>
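
The two options weighed in this message, side by side, as an added example that is not part of the original e-mail and is not soap's code: a file name is either single-quoted before it is appended to a system() command line, or handed to an exec*-call as one argv entry with no shell involved. The function names, the use of test(1) as the handler and the file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Quote s for sh: wrap it in '...' and turn each embedded ' into '\''. Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 0;
    char *out = malloc(4 * strlen(s) + 3); /* worst case: every byte is a quote */
    if (!out) return NULL;
    out[n++] = '\'';
    for (; *s; s++) {
        if (*s == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *s;
    }
    out[n++] = '\''; out[n] = '\0';
    return out;
}

/* system() path: cmd_prefix keeps full shell syntax, file arrives as one quoted word. */
int run_shell(const char *cmd_prefix, const char *file)
{
    char cmd[4096], *q = shell_quote(file);
    if (!q) return -1;
    int len = snprintf(cmd, sizeof cmd, "%s %s", cmd_prefix, q);
    free(q);
    if (len < 0 || (size_t)len >= sizeof cmd) return -1; /* refuse a truncated command */
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* exec path: no shell at all, so metacharacters in file are plain bytes of argv[1]. */
int run_argv(const char *prog, const char *file)
{
    int st; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execlp(prog, prog, file, (char *)NULL); _exit(127); }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    const char *file = "it's; exit 7"; /* constructed file name with shell metacharacters */
    printf("shell=%d argv=%d\n", run_shell("test \"it's; exit 7\" =", file), run_argv("test", file));
    return 0;
}
```

Both calls exit 0 because the file name reaches test(1) intact; without the quoting step the shell would run `exit 7` as a second command. Neither path helps when the called program itself evaluates its argument unsafely, which is the caveat raised in the quoted text.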