ahluka

I've been reading that system() could present a security threat if replaced by a malicious program.

Would this be a problem under Linux assuming the program is run with normal user permissions?

__________________
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

- Mike McShaffry

jim mcnamara

If the normal user can access mission critical data - yes. Some 'normal' users do things like payroll, for example.

Jaqui

but then, in linux you are running an app as a normal user, but the app requires root for alterations to be made generally...root or as itself.
( apache being prime example of app with own id )
user can access, but not alter the application if done this way.
thereby defeating the system() vulnerability.

__________________

ahluka

Ah I see now. Thanks all

__________________
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

- Mike McShaffry

-=SoKrA=-

Not quite. A user may find a way to eg symlink a system app on which the program relies to be trusted. There are ways to do this without being the superuser. Some systems allow users to write certain files they shouldn't, or a backup script may not be secure enough.

This of course is the risk you run every time you run any program, but still you should try not to rely on external programs, although that's mainly for portability issues.

__________________
SoKrA-BTS "Judge not the program I made, but the one I've yet to code"
I say what I say, I mean what I mean.
IDE: emacs + make + gcc and proud of it.