Non standard headers and libraries and DIC culture


17 Replies - 8217 Views - Last Post: 16 July 2012 - 11:57 AM

#16 snoopy11


Posted 16 July 2012 - 12:31 AM

As an aside to the general argument,

A decent article on system can be found here; pay particular attention to system security.

System Article

Although I disagree with the title: child molesters and murderers are evil, system is just misguided.

Everything else I pretty much agree with, and it should give some food for thought for those who prefer system("pause"); to other methods of holding a window open like _getch();

Anyway good arguments all round.

Snoopy.

#17 sepp2k


Posted 16 July 2012 - 10:59 AM

snoopy11, on 16 July 2012 - 09:31 AM, said:



As far as the Unix side is concerned the security part of that article makes no sense to me.

First the article tells you to add the current directory to the PATH, then it does something bad that only works when the current directory is in the PATH, and then it tells you that that's why system is bad. What weird logic. All that shows you is that you should never ever add the current directory to the PATH. There's a good reason that it isn't in there by default.

Note that by that logic any PATH-respecting method of invoking another application would be bad - not just system.

#18 snoopy11


Posted 16 July 2012 - 11:57 AM

sepp2k, on 16 July 2012 - 05:59 PM, said:

As far as the Unix side is concerned the security part of that article makes no sense to me.

First the article tells you to add the current directory to the PATH, then it does something bad that only works when the current directory is in the PATH, and then it tells you that that's why system is bad. What weird logic. All that shows you is that you should never ever add the current directory to the PATH. There's a good reason that it isn't in there by default.

Note that by that logic any PATH-respecting method of invoking another application would be bad - not just system.



Yeah, I know that part is very convoluted, I do agree, but the premise of invoking things that you had not intended to is there and not just for notepad-like editors.

The real risk comes in when you build a string programmatically and then use it with system(). Then you have a risk of Shell Command Injection, where you thought you were building one command, but a malicious user subverts your program by giving you carefully crafted inputs that cause your command to do something you didn't expect.

But have a point anyway because you do have a point.

Snoopy.

This post has been edited by snoopy11: 16 July 2012 - 12:03 PM
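
The two points raised in the posts above (a shell parsing a programmatically built string, and PATH-respecting lookup of the program) shown side by side with a hardened form. This is an added example, not code from the thread or the linked article; it assumes a POSIX system with /bin/sh and /bin/echo, and the function names and inputs are constructed for illustration.

```c
/* Added example, not code from the thread. Assumes POSIX with /bin/sh and /bin/echo. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern: the input is pasted into a string that /bin/sh parses,
 * so shell metacharacters in it become syntax instead of data. */
int run_with_system(const char *name)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "echo %s", name);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                          /* refuse a truncated command */
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened form: no shell and no PATH search. execv() takes an absolute
 * path and an argument vector, so the input stays a single argument. */
int run_with_execv(const char *name)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "echo", (char *)name, NULL };
        execv("/bin/echo", argv);
        _exit(127);                         /* reached only if execv failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *benign = "report.txt";           /* constructed input */
    const char *crafted = "report.txt; exit 7";  /* constructed input */
    int s1 = run_with_system(benign), s2 = run_with_system(crafted);
    int e1 = run_with_execv(benign), e2 = run_with_execv(crafted);
    printf("system(): benign=%d crafted=%d\n", s1, s2);  /* 0 and 7 */
    printf("execv():  benign=%d crafted=%d\n", e1, e2);  /* 0 and 0 */
    return 0;
}
```

The exit status of 7 from run_with_system shows that the shell ran the text after the semicolon as a second command, while run_with_execv hands the same text to echo as one literal argument.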
