mirror of https://github.com/mkerrisk/man-pages
system.3: Create a "Caveats" subsection to hold warnings about the use of system()
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
979a439b41
commit
a6be81bab9
|
@ -174,25 +174,6 @@ while (something) {
|
|||
.EE
|
||||
.in
|
||||
.PP
|
||||
Do not use
|
||||
.BR system ()
|
||||
from a program with set-user-ID or set-group-ID privileges,
|
||||
because strange values for some environment variables
|
||||
might be used to subvert system integrity.
|
||||
Use the
|
||||
.BR exec (3)
|
||||
family of functions instead, but not
|
||||
.BR execlp (3)
|
||||
or
|
||||
.BR execvp (3).
|
||||
.BR system ()
|
||||
will not, in fact, work properly from programs with set-user-ID or
|
||||
set-group-ID privileges on systems on which
|
||||
.I /bin/sh
|
||||
is bash version 2, since bash 2 drops privileges on startup.
|
||||
(Debian uses a modified bash which does not do this when invoked as
|
||||
.BR sh .)
|
||||
.PP
|
||||
According to POSIX.1, it is unspecified whether handlers registered using
|
||||
.BR pthread_atfork (3)
|
||||
are called during the execution of
|
||||
|
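Review bot: the commit message should say that the set-user-ID paragraph removed here (from "Do not use" through the ".PP" before "According to POSIX.1") is moved verbatim, with no wording changes. The summary line only mentions creating the subsection, so a reader has to compare the two blocks by hand to confirm that no security guidance was dropped or altered in transit.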
@ -218,6 +199,27 @@ which yields a
|
|||
.BR system ()
|
||||
return value that is indistinguishable from the case
|
||||
where a shell could not be executed in the child process.
|
||||
.\"
|
||||
.SS Caveats
|
||||
.PP
|
||||
Do not use
|
||||
.BR system ()
|
||||
from a program with set-user-ID or set-group-ID privileges,
|
||||
because strange values for some environment variables
|
||||
might be used to subvert system integrity.
|
||||
Use the
|
||||
.BR exec (3)
|
||||
family of functions instead, but not
|
||||
.BR execlp (3)
|
||||
or
|
||||
.BR execvp (3).
|
||||
.BR system ()
|
||||
will not, in fact, work properly from programs with set-user-ID or
|
||||
set-group-ID privileges on systems on which
|
||||
.I /bin/sh
|
||||
is bash version 2, since bash 2 drops privileges on startup.
|
||||
(Debian uses a modified bash which does not do this when invoked as
|
||||
.BR sh .)
|
||||
.SH SEE ALSO
|
||||
.BR sh (1),
|
||||
.BR execve (2),
|
||||
|
|
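Review bot: the ".PP" directly after ".SS Caveats" is redundant, since the subsection heading already starts a new paragraph, so it can be dropped. As the warning now sits in its own subsection, it would also help to say why ".BR execlp (3)" and ".BR execvp (3)" are excluded: both search PATH for the program, which is exactly the kind of environment variable the warning is about, yet the text leaves it at "strange values for some environment variables". The sentence about bash version 2 is carried over unchanged and should be checked for whether it still describes the shells in use.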