mirror of https://github.com/mkerrisk/man-pages
system.3: Mention PATH explicitly in discussion of system and set-UID programs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
bd64aa6435
commit
3b9f2b67e7
|
@ -207,12 +207,19 @@ Do not use
|
|||
from a program with set-user-ID or set-group-ID privileges,
|
||||
because strange values for some environment variables
|
||||
might be used to subvert system integrity.
|
||||
For example,
|
||||
.BR PATH
|
||||
could be manipulated so that an arbitrary program
|
||||
is executed with privilege.
|
||||
Use the
|
||||
.BR exec (3)
|
||||
family of functions instead, but not
|
||||
.BR execlp (3)
|
||||
or
|
||||
.BR execvp (3).
|
||||
.BR execvp (3)
|
||||
(which also use the
|
||||
.B PATH
|
||||
environment variable to search for an executable).
|
||||
.BR system ()
|
||||
will not, in fact, work properly from programs with set-user-ID or
|
||||
set-group-ID privileges on systems on which
|
||||
|
|
Loading…
Reference in New Issue