Re: loading kext from a daemon program
- Subject: Re: loading kext from a daemon program
- From: Jim Thompson <email@hidden>
- Date: Fri, 5 May 2006 11:35:55 -1000
On May 5, 2006, at 11:23 AM, David Gatwood wrote:
On May 5, 2006, at 12:02 PM, Michael Smith wrote:
I'm with Quinn here. System(3) belongs with gets(3) in that pile of tools that you never, ever use.
I disagree. If you use full paths and properly vet the arguments for shell escapes (or if the paths and arguments are not extracted from user input in such a way that embedded shell escapes would be possible), the system(3) call is not substantially less safe than fork and exec.
Of course, by that point, you've written at least as much code as a safe fork()+exec() implementation.
For that matter, the security difference between system(3) and popen(3) is zero, and the alternative to that involves some really, really ugly code (dup2 over top of STDERR_FILENO or whatever). That's just not something that most people will want to do if they can help it. :-)
Please, we've been doing this for years.
Thus, I don't think it makes sense to suggest avoiding these at all costs. You should, however, be careful when using them. Always use absolute paths. (This is important for some variants of exec(3) as well.)
Consider your life if the shell took this approach...
Darwin-kernel mailing list (email@hidden)
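For reference, an added example (not code from this thread or its participants) of the fork()+exec() alternative to system(3)/popen(3) that the messages above debate, including the dup2 over STDERR_FILENO step. The function name `run_capture` and the sample arguments are hypothetical and constructed; `/bin/echo` stands in for whatever tool the daemon would actually run.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Run `path` with `argv` directly (no shell); capture stdout+stderr in buf.
 * Returns the child's exit status, 127 if exec failed, -1 on other errors. */
int run_capture(const char *path, char *const argv[], char *buf, size_t cap)
{
    int fds[2];
    if (cap == 0 || pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                        /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1 ||
            dup2(fds[1], STDERR_FILENO) == -1)
            _exit(127);
        /* A daemon may have closed stdio, so the pipe can itself be fd 1 or 2. */
        if (fds[1] > STDERR_FILENO) close(fds[1]);
        execv(path, argv);                 /* absolute path, no PATH search */
        _exit(127);                        /* exec failed */
    }
    close(fds[1]);                         /* or read() never sees EOF */
    size_t used = 0;
    char chunk[256];
    ssize_t n;
    while ((n = read(fds[0], chunk, sizeof chunk)) > 0) {
        size_t room = cap - 1 - used;      /* keep draining even when full */
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(buf + used, chunk, take);
        used += take;
    }
    buf[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char out[128];
    /* Constructed input: the second element reaches echo as one literal argument. */
    char *const argv[] = { "/bin/echo", "a; echo b", NULL };
    int rc = run_capture("/bin/echo", argv, out, sizeof out);
    printf("rc=%d out=%s", rc, out);
    return rc;
}
```

Because the argument vector is handed to execv() as-is, the `;` in the sample argument is never parsed by a shell; the same string passed through system(3) would need quoting or vetting first.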