system() Security

This is a discussion on system() Security within the Linux Programming forums, part of the Platform Specific Boards category; I've been reading that system() could present a security threat if replaced by a malicious program. Would this be a ...

  1. #1
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709

    system() Security

    I've been reading that system() could present a security threat if replaced by a malicious program.

    Would this be a problem under Linux assuming the program is run with normal user permissions?
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  2. #2
    .
    Join Date
    Nov 2003
    Posts
    307
    If the normal user can access mission critical data - yes. Some 'normal' users do things like payroll, for example.

  3. #3
    Registered User Jaqui's Avatar
    Join Date
    Feb 2005
    Posts
    416
    but then, in linux you are running an app as a normal user, but the app requires root for alterations to be made generally...root or as itself.
    ( apache being prime example of app with own id )
    user can access, but not alter the application if done this way.
    thereby defeating the system() vulnerability.
    Quote Originally Posted by Jeff Henager
    If the average user can put a CD in and boot the system and follow the prompts, he can install and use Linux. If he can't do that simple task, he doesn't need to be around technology.

  4. #4
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Ah I see now. Thanks all
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  5. #5
    Me -=SoKrA=-'s Avatar
    Join Date
    Oct 2002
    Location
    Europe
    Posts
    448
    Quote Originally Posted by Jaqui
    thereby defeating the system() vulnerability.
    Not quite. A user may find a way to eg symlink a system app on which the program relies to be trusted. There are ways to do this without being the superuser. Some systems allow users to write certain files they shouldn't, or a backup script may not be secure enough.

    This of course is the risk you run every time you run any program, but still you should try not to rely on external programs, although that's mainly for portability issues.
    SoKrA-BTS "Judge not the program I made, but the one I've yet to code"
    I say what I say, I mean what I mean.
    IDE: emacs + make + gcc and proud of it.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Using system icons
    By @nthony in forum Windows Programming
    Replies: 1
    Last Post: 01-13-2007, 07:56 PM
  2. Linux database system needed
    By BobS0327 in forum Tech Board
    Replies: 7
    Last Post: 06-11-2006, 04:56 PM
  3. measuring system resources used by a function
    By Aran in forum C Programming
    Replies: 1
    Last Post: 03-13-2006, 05:35 PM
  4. New system build wont boot
    By lightatdawn in forum Tech Board
    Replies: 7
    Last Post: 12-02-2005, 06:58 AM
  5. BIOS system and memory allocation problem
    By beely in forum Tech Board
    Replies: 9
    Last Post: 11-25-2003, 07:12 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21