Re: Delete myDriver.kext files from normal user.
- Subject: Re: Delete myDriver.kext files from normal user.
- From: Chris Hanson <email@hidden>
- Date: Fri, 17 Oct 2008 18:05:02 -0700
On Oct 17, 2008, at 5:55 PM, Jonathon Kuo wrote:
> If the coder doesn't take care to use fully qualified pathnames
> like /bin/rm, etc., then it opens the door to security issues.
> That's not an inherent problem with system(), per se, but the coder.
> Wouldn't fork()/exec() and NSTask also suffer from this same issue?
Yes, but system() makes the problem so hard as to be unsolvable.
Because it invokes a shell, you must be extremely careful about
sanitizing what you pass to it. However, because it invokes a shell,
it's almost impossible to know with 100% certainty *how* to perform that
sanitization.
Don't use system() in cases like this. It's dangerous and almost
always overkill. The original poster will need to implement a helper
tool anyway to be used properly with
AuthorizationExecuteWithPrivileges; that helper tool can just make the
appropriate calls to unlink() when it's passed a properly-acquired-and-
validated right.
-- Chris