system() & user input
Pavel Roskin
proski at gnu.org
Mon Sep 9 16:24:06 UTC 2002
Hello!
> There are some user unchecked and unquoted input there
> (subject, to and copy in the pipe_mail(), sort option in the
> edit_sort_cmd() and filename itself in the edit_block_process()).
> I don't like to see bug report about something like 'I formatted file
> `echo rm -rf /*`.c and I loss my system after it' or so on. It seems we
> need to quote such user input or use fork()+execvpe() for such cases.
You are right, we should not use system() unless the user expects the
shell to interpret the commands, which is not the case in either of those
functions.
I don't think those bugs can be actually exploited, but writing quoted
"some_command; rm -rf /" in the subject of e-mail can be a problem, and it
can really happen.
I actually don't understrand the reason why mc_doublepopen() uses two
forks. The comment doesn't say anything about it. I'd like to see more
unified approach to running external programs.
--
Regards,
Pavel Roskin
More information about the mc-devel
mailing list