RE: script timer
Hi Binand,
I totally agree with you that any program that involves security
issues, and runs with suid/sgid bits set, should never make system()
calls.
system() in fact always invokes /bin/sh -c string (refer man). So even
if the PATH variable does not contain /usr/local/bin, you can invoke a
program using /usr/local/bin/my_prog, I think that will expand to
** /bin/sh -c /usr/local/bin/my_prog **
/bin/sh is generally a link to /usr/bin/some_sh, so system() call does
not check if it is present. If the call fails it returns 127.
So, the PATH variable doesn't really matter. exec() calls also need
the total path. Yes the implication is, if the program crashes, the
state of the program invoking the system(), if has suid/sgid, is
umm.. ;-)
You have stated that you cannot trap the return from the program being
called, if you invoke it from system() calls. Wrong, man page for you -

    The return value is 127 if the execve() call for /bin/sh fails,
    -1 if there was another error and the return code of the
    command otherwise.

Well now excerpts from the exec() family man pages -

    The exec family of functions replaces the current process
    image with a new process image. The functions described
    in this manual pages are front-ends for the execve().

You can well see, that both exec() families and system() ultimately
invoke execve(), with different sets of parameters.
I will try to emulate a crash, with a program doing execve() using
exec() families ;-), setting uid/gid to 0. I don't know what happens
in that case, I will check (not until weekend *sic*). Will keep in
touch.
PS1> As always **no offence**
Suvendra
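
Added example, not part of the original message: a C sketch that reads the child's exit status both through system() and through fork() + execve() with a full path and an explicit environment, so the 127 and crash cases discussed above can be compared. The function names and the PATH value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map a wait status to: exit code, 128 + signal number if killed, -1 on error. */
static int decode_status(int status)
{
    if (status == -1)
        return -1;                      /* fork() or waitpid() failed */
    if (WIFEXITED(status))
        return WEXITSTATUS(status);     /* 127 means the exec step failed */
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);  /* child crashed or was killed */
    return -1;
}

/* system(): the string is parsed by /bin/sh -c, which inherits our environment. */
int run_with_system(const char *cmd)
{
    return decode_status(system(cmd));
}

/* fork() + execve(): no shell, full path, explicit minimal environment. */
int run_with_execve(const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* assumed safe PATH */
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                     /* same convention as system() */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return decode_status(status);
}

int main(void)
{
    char *const args[] = { "sh", "-c", "exit 5", NULL };
    printf("system: %d\n", run_with_system("exit 3"));
    printf("execve: %d\n", run_with_execve("/bin/sh", args));
    return 0;
}
```

In a setuid/setgid program only the execve() variant keeps the caller's environment and shell parsing out of the picture; the status decoding is identical for both.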