Re: gets() is dead



On 2 May 2007 21:49:56 GMT, richard@xxxxxxxxxxxxxxx (Richard Tobin)
wrote:

> In article <4639013A.D7420A69@xxxxxxxxx>,
> CBFalconer <cbfalconer@xxxxxxxxxxxxx> wrote:
>
>>> And there is one other candidate for harebrained non-safety: The
>>> system() function, which takes a single string which the OS/shell
>>> parses instead of letting you pass multiple arguments.
>>
>> What is unsafe about that? It is obviously system dependent.
>
> It's not that it can't be safely used, but that it can easily be
> misused in a simple way that results in a gaping security hole. For
> example, on a Unix system:
>
>     /* assume filename and command are suitably declared */
>     printf("enter file name to copy\n");
>     fgets(filename, sizeof(filename), stdin);
>     /* fgets error checking elided */
>     sprintf(command, "cp %s /tmp", filename);
>     system(command);
>
> and imagine the user types "/dev/null /dev/null; rm -rf /; echo"

Have you actually tried this to see what happens? I bet not.

If what you say is true, then I think we all need to execute a
paradigm shift and focus our thinking of the most dangerous standard C
functions from using the standard C function like gets() to using the
standard C function system(). Future posts may well go like this:

OP's code:
system("pause");

Standard response:
NEVER, EVER, use the system() function. It's dangerous and could
delete all your files if you're not careful. That pales in comparison
to the dangers of using gets(), which amounts to nothing more than
undefined behavior in the form of, typically, some form of access
violation, which will, typically, be reported to you in no uncertain
terms.

The fact that modern day Unix/Linux systems don't let you log in as
root (or at least make it hard to do so) and require you to run "sudo"
to run privileged commands (which requires that you enter a password)
would lead me to believe that entering such "bad" input may,
possibly, delete files owned by you at worst, and benignly bomb out at
best. You did perform that backup last night, right?

I would also be interested in finding out what happens when the
equivalent command is entered on Windows Vista or even Windows XP or
even Mac OS X (or even Windows 98 or 95). If I have some spare time
this weekend, I'll let you all know the results. If anyone else cares
to experiment, your efforts are welcome, and well justified (since
system() is a standard C function, we deserve to know all about its
ramifications, good or bad).

Best regards
--
jay
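
An added example, not part of the original post or thread: the quoted cp fragment rewritten for a POSIX system so that no shell parses the file name. The function names copy_file_noshell and chomp are hypothetical, and cp is assumed to be on PATH.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example (hypothetical helper, not from the thread).
 * Copy `filename` to `dest` by running cp with an explicit argument
 * vector. No shell is involved, so ';', spaces and other shell
 * metacharacters in `filename` are just bytes of one argument.
 * Returns cp's exit status, or -1 if the child could not be run. */
int copy_file_noshell(const char *filename, const char *dest)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "--" ends option parsing, so a name that starts with '-'
         * is treated as a file name and not as a cp option. */
        execlp("cp", "cp", "--", filename, dest, (char *)NULL);
        _exit(127);                     /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* fgets() keeps the trailing newline; drop it before using the name. */
void chomp(char *s)
{
    s[strcspn(s, "\n")] = '\0';
}

int main(void)
{
    char filename[256];

    printf("enter file name to copy\n");
    if (fgets(filename, sizeof filename, stdin) == NULL)
        return 1;                       /* EOF or read error */
    chomp(filename);
    return copy_file_noshell(filename, "/tmp") == 0 ? 0 : 1;
}
```

With the input quoted in the post, cp receives the whole line as a single source path and reports that no such file exists; nothing after the ';' is executed.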