system() & user input

Andrew V. Samoilov kai at cmail.ru
Mon Sep 9 11:40:35 UTC 2002


Pavel Tsekov wrote:
> On Fri, 6 Sep 2002, Andrew V. Samoilov wrote:
> 
> 
>>There are some places in the builtin editor where system() is called with
>>unchecked user input.
>>
>>For example pipe_mail(), edit_sort_cmd() and edit_block_process_cmd() in 
>>edit/editcmd.c, but user input is not checked. It will be nice to use 
>>mc_doubleopen() there to prevent possible security and data loss issues 
>>there.
> 
> 
> Do you refer to mc_doublepopen () ? If this is the case - what possible 
> problems would it solve ? Btw mc_doublepopen () is a pretty expensive 
> operation (2 forks) and should be replaced by some other mechanism.

There is some unchecked and unquoted user input there
(subject, to and copy in the pipe_mail(), sort option in the 
edit_sort_cmd() and filename itself in the edit_block_process()).
I don't like to see a bug report about something like 'I formatted file 
`echo rm -rf /*`.c and I lost my system after it' or so on.  It seems we 
need to quote such user input or use fork()+execvpe() for such cases.

> 
> I was going to take a look at this but right now I have some important 
> task before I can go back to MC.
> 
> Pavel Tsekov
