Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are system() calls evil?

Tags:

c++

posix

I am designing an C++ app that, among other things, executes a few scripts every now and then. The app should be efficient and preferably platform independent.

The issue is, however: is there a reason one shouldn't use system() call for launching scripts and use, for example, POSIX facilities instead? The discussion on the matter that I've seen so far usually boils down to:

  1. system() is less flexible. (Fine with me)
  2. It offers no control of the command being executed. (Fine with me, I just need a return value from the script)
  3. It is not quite platform independent. (Now, this would be a concern. I would really love to see an example where it behaves differently on different platforms)
  4. It is a security concern. (Again, this would be an issue. Can someone provide an example of a potential security problem with system()? )
  5. Any other issues?
like image 984
AlexK Avatar asked Nov 10 '11 20:11

AlexK


2 Answers

3) It is not quite platform independent (Now, this would be a concern. I would really love to see an example where it behaves differently on different platforms)

Well, for instance system("ls") would probably fail in Windows, since there is no ls command.

4) It is a security concern. (Again, this would be an issue. Can someone provide an example of a potential security problem with system() ? )

If the argument passed to system comes from user input, and not properly validated, it can be used to execute unwanted things with the privilege levels of the original executer. If its static content, its quite easy to find that within an executable image and modify it to do nasty things as well.

like image 132
K-ballo Avatar answered Nov 05 '22 18:11

K-ballo


(3) If you just want a counterexample, for example grep behaves differently on Solaris vs Linux vs whatever.

(4) Your program's privileges are inherited by its spawned programs. If your application ever runs as a privileged user, all someone has to do is put their own program with the name of the thing you shell out too, and then can execute arbitrary code (this implies you should never run a program that uses system as root or setuid root).

(5) It will probably be saner to maintain in the long run to use the posix facilities because you won't have to rely on a specific set of external scripts or binaries already existing wherever your program runs.

like image 44
Mark B Avatar answered Nov 05 '22 19:11

Mark B