site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On May 5, 2006, at 11:23 AM, David Gatwood wrote: I'm with Quinn here. System(3) belongs with gets(3) in that pile of tools that you never, ever use. Please, we've been doing this for years. Consider your life if the shell took this approach... _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... On May 5, 2006, at 12:02 PM, Michael Smith wrote: I disagree. If you use full paths and properly vet the arguments for shell escapes (or if the paths and arguments are not extracted from user input in such a way that embedded shell escapes would be possible), the system(3) call is not substantially less safe than fork and exec. Of course, by that point, you've written at least as much code as a safe fork()+exec() implementation. For that matter, the security difference between system(3) and popen (3) is zero, and the alternative to that involves some really, really ugly code (dup2 over top of STDERR_FILENO or whatever). That's just not something that most people will want to do if they can help it. :-) Thus, I don't think it makes sense to suggest avoiding these at all costs. You should, however, be careful when using them. Always use absolute paths. (This is important for some variants of exec(3) as well.) This email sent to site_archiver@lists.apple.com