I've been reading that system() could present a security threat if replaced by a malicious program.
Would this be a problem under Linux assuming the program is run with normal user permissions?
I've been reading that system() could present a security threat if replaced by a malicious program.
Would this be a problem under Linux assuming the program is run with normal user permissions?
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.
- Mike McShaffry
If the normal user can access mission critical data - yes. Some 'normal' users do things like payroll, for example.
but then, in linux you are running an app as a normal user, but the app requires root for alterations to be made generally...root or as itself.
( apache being prime example of app with own id )
user can access, but not alter the application if done this way.
thereby defeating the system() vulnerability.
Originally Posted by Jeff Henager
Ah I see now. Thanks all
Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.
- Mike McShaffry
Not quite. A user may find a way to eg symlink a system app on which the program relies to be trusted. There are ways to do this without being the superuser. Some systems allow users to write certain files they shouldn't, or a backup script may not be secure enough.
This of course is the risk you run every time you run any program, but still you should try not to rely on external programs, although that's mainly for portability issues.
SoKrA-BTS "Judge not the program I made, but the one I've yet to code"
I say what I say, I mean what I mean.
IDE: emacs + make + gcc and proud of it.
