I overheard someone saying that the system() call from libc is not safe.
One reason I can think of is that it launches a shell utility, e.g. /bin/bash, and if system("rm -rf $input") is started and $input is unsanitized user input, then it can potentially wreak havoc if $input="/".
What are the other reasons?
In general, "safe" is by comparison to the exec family of system calls (execve() being the lowest-level standard one); involving a shell not only means problems with unsanitized data but also with $PATH (do you know what you are executing?) and with $IFS (this is a fun one: if someone can change $IFS on you, the shell won't parse things the way you expect).
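The contrast the answer draws, as an added worked example (written for this page, not code from the question or the answer). It runs the same constructed attacker-controlled string two ways: through a shell, the way system() does (popen() is used here only so the output can be captured), and through fork()+execve() with an explicit argv, an absolute path and a fixed envp so that an inherited $PATH or $IFS cannot influence what runs. It assumes a POSIX system with /bin/sh and /bin/echo present.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed attacker input (hypothetical): a word, a shell metacharacter,
   and a second command smuggled in behind it. */
#define UNTRUSTED_INPUT "hello; echo INJECTED"

/* UNSAFE: build a command string and hand it to /bin/sh, which is exactly
   what system() does.  The shell sees ';' and runs a second command.
   Returns bytes captured, or -1 on error. */
ssize_t run_via_shell(const char *input, char *out, size_t outlen) {
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "echo %s", input);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    FILE *fp = popen(cmd, "r");            /* same shell as system() */
    if (!fp) return -1;
    size_t got = fread(out, 1, outlen - 1, fp);
    out[got] = '\0';
    pclose(fp);
    return (ssize_t)got;
}

/* SAFE: fork() + execve() with a literal argv.  No shell parses the input,
   so metacharacters are just bytes in one argument.  The absolute path
   removes the $PATH question, and the fixed envp means an attacker-set
   $IFS or $PATH in our environment is never inherited by the child.
   Returns bytes captured, or -1 on error or non-zero child exit. */
ssize_t run_via_execve(const char *input, char *out, size_t outlen) {
    int pfd[2];
    if (pipe(pfd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    if (pid == 0) {
        dup2(pfd[1], STDOUT_FILENO);
        close(pfd[0]);
        close(pfd[1]);
        char *const argv[] = { "echo", (char *)input, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* minimal env */
        execve("/bin/echo", argv, envp);
        _exit(127);                         /* only reached if execve fails */
    }
    close(pfd[1]);
    size_t got = 0;
    ssize_t r;
    while (got < outlen - 1 &&
           (r = read(pfd[0], out + got, outlen - 1 - got)) > 0)
        got += (size_t)r;
    out[got] = '\0';
    close(pfd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return (ssize_t)got;
}

/* 1 if the shell path executed the smuggled command (two output lines). */
int injection_happens_via_shell(void) {
    char buf[256];
    if (run_via_shell(UNTRUSTED_INPUT, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, "hello\nINJECTED\n") == 0;
}

/* 1 if the execve path passed the input through as one literal argument. */
int input_stays_literal_via_execve(void) {
    char buf[256];
    if (run_via_execve(UNTRUSTED_INPUT, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, "hello; echo INJECTED\n") == 0;
}

int main(void) {
    char buf[256];
    if (run_via_shell(UNTRUSTED_INPUT, buf, sizeof buf) >= 0)
        printf("via shell  : %s", buf);     /* prints "hello" then "INJECTED" */
    if (run_via_execve(UNTRUSTED_INPUT, buf, sizeof buf) >= 0)
        printf("via execve : %s", buf);     /* prints the input verbatim */
    return 0;
}
```

The point is not that echo is dangerous but that the shell path turns data into code: substitute rm, mv or a privileged helper for echo and the same ';' becomes a second command. With execve() the boundary between program and argument is the argv array itself, so there is nothing to quote or escape. Note also that bash ignores an inherited $IFS on startup but not every /bin/sh does, which is one more reason to pass a fixed envp rather than trusting the caller's environment.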