It's a security flaw. Assuming you had an error in your code that
allowed that allowed the string to be exploited, the system call would
allow a person to do anything in the computer, subject to the
permissions your process has.
On 17-Oct-08, at 5:17 PM, Jonathon Kuo wrote:
On Oct 17, 20
On Fri, Oct 17, 2008 at 8:55 PM, Jonathon Kuo
<[EMAIL PROTECTED]> wrote:
>
> On Oct 17, 2008, at 5:33 PM, Michael Ash wrote:
>
>> And most important of all (I think), it almost always opens a security
>> hole.
>>
>> This case is a great example. The system() call as posted uses "rm" as
>> the comma
On Fri, Oct 17, 2008 at 5:55 PM, Jonathon Kuo
<[EMAIL PROTECTED]> wrote:
>
> On Oct 17, 2008, at 5:33 PM, Michael Ash wrote:
>
>> On Fri, Oct 17, 2008 at 5:29 PM, Kyle Sluder
>> <[EMAIL PROTECTED]> wrote:
>>>
>>> On Fri, Oct 17, 2008 at 5:17 PM, Jonathon Kuo
>>> <[EMAIL PROTECTED]> wrote:
On Oct 17, 2008, at 5:55 PM, Jonathon Kuo wrote:
If the coder doesn't take care to use fully qualified pathnames
like /bin/rm, etc., then it opens the door to security issues.
That's not an inherent problem with system(), per se, but the coder.
Wouldn't fork()/exec() and NSTask also suffer
On Oct 17, 2008, at 5:33 PM, Michael Ash wrote:
On Fri, Oct 17, 2008 at 5:29 PM, Kyle Sluder
<[EMAIL PROTECTED]> wrote:
On Fri, Oct 17, 2008 at 5:17 PM, Jonathon Kuo
<[EMAIL PROTECTED]> wrote:
Just curious why the recommendation against system()?
1) There's no need for it here. Why launch
On Fri, Oct 17, 2008 at 5:29 PM, Kyle Sluder
<[EMAIL PROTECTED]> wrote:
> On Fri, Oct 17, 2008 at 5:17 PM, Jonathon Kuo
> <[EMAIL PROTECTED]> wrote:
>> Just curious why the recommendation against system()?
>
> 1) There's no need for it here. Why launch /bin/sh just to launch
> /bin/rm, when you ca
On Fri, Oct 17, 2008 at 5:17 PM, Jonathon Kuo
<[EMAIL PROTECTED]> wrote:
> Just curious why the recommendation against system()?
1) There's no need for it here. Why launch /bin/sh just to launch
/bin/rm, when you can call unlink(2) yourself?
2) In this case, system(3) will launch a shell *as root
On Oct 17, 2008, at 1:21 PM, Kyle Sluder wrote:
On Fri, Oct 17, 2008 at 8:51 AM, Sachin Kumar <[EMAIL PROTECTED]
> wrote:
I am using system("rm -r myDriver.kext") to delete the file.
Please, *don't do this*. Pretend 'system' doesn't exist. unlink(2)
does exactly what you're looking for.
J
On Fri, Oct 17, 2008 at 8:51 AM, Sachin Kumar <[EMAIL PROTECTED]> wrote:
> I am using system("rm -r myDriver.kext") to delete the file.
Please, *don't do this*. Pretend 'system' doesn't exist. unlink(2)
does exactly what you're looking for.
> Is there any other method to delete the files in coc
Hi,
I am developing uninstall utility using cocoa to delete driver files from
/System/Library/Extensions/myDriver.kext. I am using system("rm -r
myDriver.kext") to delete the file. This is successfully done in root user. But
in normal user permissions denied.
Is there any other method
Hi,
I am developing uninstall utility using cocoa to delete driver files from
/System/Library/Extensions/myDriver.kext. I am using system("rm -r
myDriver.kext") to delete the file. This is successfully done in root user. But
in normal user permissions denied.
Is there any other method t
11 matches
Mail list logo
