Bug #737
don't use system() in daemons
Status: Closed
Description
We should replace system() with a simple wrapper function that just does fork + exec.
The use of system() is wrong on a lot of different levels:
1. It's slow because it has to execute a shell process
2. It introduces serious security vulnerabilities.
For example, consider this code fragment:
string cmd("rm -rf ");
cmd += filename;
system(cmd.c_str());
What happens if filename is `echo /`?
3. While the call to system() is going on, signals are delivered not to the daemon, but to the process that is being executed in the system() shell. So "killall -SIGTERM cosd" will mysteriously fail to have any effect if we happen to deliver the signal to a thread that's doing system("rm -rf foo"). Instead, the rm will be terminated by the SIGTERM and return a negative error code.
Admittedly, this is less of a risk because we currently block signals in all threads but the main thread. But it's still another good reason not to use system.
We can write a simple wrapper function that just does fork + execvp and convert the existing system() calls to use it.
Updated by Colin McCabe about 13 years ago
- Status changed from New to Resolved