Thread: Gnome background-changing program

I'd like to write a C++ program that will randomly select a background image from a desired directory. I'd like the directory to be a command-line argument. Reading a post from earlier today, I saw some info about the function .c_str() which can be used to convert c-style strings to c++ strings. I have a few questions:

1. Is .c_str() the way to go when I need to convert strings to put in the system() calls?

2. Which headers will I need? <string>? <cstring>? both?

3. Any general advice how to go about this, what to beware of, etc.?

Your help is truly appreciated.

c_str() is used to convert C++ strings to C_strings
yes, it could be used with system
you need <string> header to work with C++ strings

you can avoid using C-strings functions, so you can avoid using <cstring> header

beware of system function

great. From what I've heard, system() is somewhat feared. Why exactly? Is it because I can potentially put a bad script in there?

Is there a way to write this program without using system()? If there is, I certainly don't know it.

It is because anyone having access to the computer can put anything somethere in the PATH that will be executed instead of the command you intend to run. And you will be author of the destruction happend

Originally Posted by dudeomanodude

Reading a post from earlier today, I saw some info about the function .c_str() which can be used to convert c-style strings to c++ strings

I just realized I had that backwards.

Originally Posted by vart

It is because anyone having access to the computer can put anything somethere in the PATH that will be executed instead of the command you intend to run. And you will be author of the destruction happend

But if distributed only in binary form (granted you trust my binaries) it shouldn't be a concern, right?

What form of distribution has to do with what I just said?

Originally Posted by dudeomanodude

3. Any general advice how to go about this, what to beware of, etc.?

c_str() returns a constant C-string -- you can't modify it.

With C-strings, you always have to make sure you have enough space to do whatever it is you're doing to them . . . .

To convert a C-string to a C++-string, it's very easy.

Code:

whatever = std::string(c_string);

In fact, it's implicit most of the time -- if a function needs a std::string, you can just pass it a C-string and it will be converted automatically.

[edit] With system(), think of it this way. If you used system("start /minimized explorer.exe"), and someone put start.exe in the current directory, that start.exe would be executed. And that start.exe could conceivably be anything . . . . [/edit]

I mean if I give you an executable file only, how can you change any part of it? I maybe missing the point here, so dumb it down if necessary.

Read my edit. It has nothing to do with what you actually execute. Unless you use the full path to the program -- and unless it's a standard windows program on a known windows platform, that can be difficult -- someone could run one of their programs with your program.

BTW -- you can easily edit the contents of an executable. It's tough to make strings longer, but give me an executable with system("whatever.exe"), and I could easily change it to system("virus.exe"). And so could you. Just edit the file with a hex editor or something -- search for "whatever.exe", and fill in "virus.exe\0".

if your application has a line system("notepad text.txt");
I can create a program that will format your disk C, call it notepad and put it in the folder listed in the PATH before c:\Windows

I will not modify your program, but what will happen when you run Your program on the computer I had "infected" in that way?

Here's ultimately the line that will be needed to accomplish the background change:

Code:

gconftool-2 -t string -s /desktop/gnome/background/picture_filename ~/DirectoryName/backgroundName.png

Obviously this is for gnome-window-manager. So would this be hard to make into something malicious?

Of course you can see here that the directory/backgroundImage.whatever is why I need the ability to conctenate C++ strings into C-Style strings.

If system() is still bad, what different solution is there?


concetenate c++ strings than convert to c-style strings is what I meant to say...

It doesn't matter whether your program is binary or not:

I want to format a person's HD just to be mean. It has your little program on it. I make a little program to do just that, and call it "start" (or whatever the name of the system program which your program is calling.

I'm clever and put my mean little program in the path, before the system program with the same name (relative to your program).

Your HD will be reformatted the next time your program runs. No virus protection program will alert, because there is no virus, at all. It's just a weakness in computer systems, that's all too easy to exploit. (Very well known, no secrets here).

Now if your program just read files from a directory, and loaded those images for display directly (with no system() ), that would be no problem. Then my mean little program would just cause your display program to throw an error or crash, at most.

Originally Posted by dwks

BTW -- you can easily edit the contents of an executable. It's tough to make strings longer, but give me an executable with system("whatever.exe"), and I could easily change it to system("virus.exe"). And so could you. Just edit the file with a hex editor or something -- search for "whatever.exe", and fill in "virus.exe\0".

Once you can edit the exe, the security of the exe is already compromised, so it doesn't matter if the thing that changes is a system call or not.

That's true.

concetenate c++ strings than convert to c-style strings is what I meant to say...

Code:

system(std::string(std::string("dir /b") + directory).c_str());

In your case, there aren't really that many alternatives to using system() that are much more secure, unless you know exactly where gconftool-2 is located. Here's where mine is, on a Debian system.

Code:

$ which gconftool-2
/usr/bin/gconftool-2
$