Press a key

This is a discussion on Press a key within the C++ Programming forums, part of the General Programming Boards category; Why system() is risky? It sends a command to system, how can it be a security risk?...

  1. #16
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    Why system() is risky? It sends a command to system, how can it be a security risk?
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  2. #17
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Because the program it calls can be replaced by a malicious one with the same name. Say you call:

    Code:
    system ("clear");
    On a UNIX / Linux box. clear is a program. It can therefore be replaced by another, malicious program also called "clear" and your program would be none the wiser.

    EDIT: Did you even bother reading the FAQ article?
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  3. #18
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    I am reading it.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  4. #19
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    I read it. But no code can replace system commands at least in winXP.
    Go to command prompt in WinXP and write pause, it asks you to press a key to continue. Now copy an exe file to C: and rename it to "pause.exe". Again write pause, it asks you to press a key again(NO DIFFERENCE). But if you write pause.exe, it will execute the file.
    Last edited by siavoshkc; 01-20-2006 at 12:18 PM.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  5. #20
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Quote Originally Posted by siavoshkc
    I read it. But no code can replace system commands at least in winXP.
    Go to command prompt in WinXP and write pause, it asks you to press a key to continue. Now copy an exe file to C: and rename it to "pause.exe". Again write pause, it asks you to press a key again(NO DIFFERENCE). But if you write pause.exe, it will execute the file.
    That's because the system programs aren't stored in C:\, genius. There is a way under XP: threads & processes, just like in UNIX. You'll have to look it up yourself - all I know is it involves the header "process.h", iirc.
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  6. #21
    Registered User Tonto's Avatar
    Join Date
    Jun 2005
    Location
    New York
    Posts
    1,465
    This is because 'pause' is not an executable that the system searches for, but rather a feature of the win32 console. If you were to instead, for example while looking for network statistics, run something like:

    Code:
    system("netstat");
    Then I would exploit the fact that the system searches the current directory for the netstat module before searching the system directory ::GetSystemDirectory(..), and I would put my own netstat.exe in the current directory and run evil code.

  7. #22
    The Richness... Richie T's Avatar
    Join Date
    Jan 2006
    Location
    Ireland
    Posts
    469

    beautiful system()

    if you're using MS VC++6, system is defined in header <stdlib.h> and you're using some form of windows too (dumb point but better safe than sorry - imagine MS VC++ for Unix!!?)

    what it does? lots!!!

    go in to start menu -> run: cmd.exe (or command.exe - i'm not sure if its version specific). this will load the windows command line interface or shell, which is most commonlly thought of as MS-DOS. it should look just like your console program

    try typing pause.

    now go into your code (include the header) and have this in your code:

    system ("pause");

    run it - see any similarity?

    the system () is a cheap and easy way to do lots of things that are not so often as easy in C/C++. it allows you to use shell commands in your own program, and there are a lot of them! the syntax is as above, just remember the quotation marks! a personal favorite of mine is system ("cls"); clears the console of all text - no need for a custom function. another good one is system ("color (hex_number)"); changes the *colour formatting of the console. type in color -ls into the shell to see how it works.

    sounds cool!!? thought so. why haven't you been told!!? cos its not as cool as it looks...

    system () is generally frowned upon by serious programmers because as a previous post said,

    "system() hands control over to the program it calls "

    an example of this is to use it to open a text file or some program. save your executable in a specific directory and create a text file with something in it, in the same directory.

    in the middle of your code, call

    system ("something.txt");

    you should see notepad open up, but your program is stalled in its place - it waits for the shell to return control to the program. close the text file, and your program resumes! it is also important that the item your are opening is in the same directory as your executable, i don't know how to change the path that it looks for it in just yet, but i'm not particularly concerned.

    here's a link to a microsoft site that has a load of shell commands for windows xp, most are common to earlier editions as well:

    http://www.microsoft.com/resources/d...us/ntcmds.mspx

    Have fun tinkering with the system from the inside!


    * i am aware that i spelled colour here, that is how it is spelt in european (i.e. original) english. windows was written with american english or just "american," as they like to think of their dialect as a unique language! no offence meant to anyone from america, great place and all but you're all a bunch of jackasses if y'all think y'all can come up with a new language by changing a few spellings from an older one! i've had my rant, now i'll leave before i get a lynch mob after me!

  8. #23
    The Richness... Richie T's Avatar
    Join Date
    Jan 2006
    Location
    Ireland
    Posts
    469
    it took me way too long to type that!

  9. #24
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    It is obvious that system() is not secure. But system commands are something different. How can the cls command be replaced by another program? For example when I write cls in console mode foo.exe executes instead of clearing the screen.
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  10. #25
    ZuK
    ZuK is offline
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Quote Originally Posted by siavoshkc
    For example when I write cls in console mode foo.exe executes instead of clearing the screen.
    Code:
    ren foo.exe cls.exe
    Simple isn't it ?
    Kurt

  11. #26
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    >>Simple isn't it ?

    If you do it and write cls, windows executes CLS command, not cls.exe.

    Simple?
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  12. #27
    ZuK
    ZuK is offline
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Ok. It's not that easy replacing cls. cls seems to be an internal command of cmd.exe. so cmd.exe would have to be repalced as well.
    Kurt

  13. #28
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,231
    Exactly!

  14. #29
    ZuK
    ZuK is offline
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Quote Originally Posted by siavoshkc
    Exactly!
    Ok. You won. Using system() must be safe.

  15. #30
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,535
    > How can the cls command be replaced by another program?
    http://msdn.microsoft.com/library/de..._._wsystem.asp
    Wherein, it says
    The system function passes command to the command interpreter, which executes the string as an operating-system command. system refers to the COMSPEC and PATH environment variables that locate the command-interpreter file (the file named CMD.EXE in Windows NT). If command is NULL, the function simply checks to see whether the command interpreter exists.
    It really doesn't matter what you put between the quotes, because if someone has done
    COMSPEC=myhack.exe
    or
    PATH=C:\path\to\my\cmdexe;C:\windows\system
    Then the program you end up running is not the cmd.exe you thought you were running.

    Or even more legitimately, say people who prefer to use bash.exe in cygwin as their shell because its a far more capable shell than cmd.exe.

    Sure, you can argue if you want that "cls" doesn't cause cmd.exe to invoke an external process, but that's hardly the point if you can't be sure that you're running cmd.exe in the first place. Also, as Tonto points out, it's all too easy to develop bad programming habits and slip easily into doing something really stupid later on by using system() when you really shouldn't, simply because of the habit of choosing the easy option in your code.

Page 2 of 3 FirstFirst 123 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 16
    Last Post: 11-23-2007, 12:48 PM
  2. Virtual keys
    By Arkanos in forum Windows Programming
    Replies: 4
    Last Post: 12-12-2005, 09:00 AM
  3. Directional Keys - Useing in Console
    By RoD in forum C++ Programming
    Replies: 38
    Last Post: 10-06-2002, 04:42 PM
  4. FAQ: Directional Keys - Useing in Console
    By RoD in forum FAQ Board
    Replies: 38
    Last Post: 10-06-2002, 04:42 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21