I've been reading that system() could present a security threat if replaced by a malicious program.
Would this be a problem under Linux assuming the program is run with normal user permissions?
If the normal user can access mission-critical data - yes. Some 'normal' users do things like payroll, for example.
But then, in Linux you are running an app as a normal user, but the app requires root for alterations to be made, generally... root or as itself
(Apache being a prime example of an app with its own ID).
The user can access, but not alter, the application if done this way,
thereby defeating the system() vulnerability.
Ah I see now. Thanks all :)
Not quite. A user may find a way to, e.g., symlink a system app on which the program relies to be trusted. There are ways to do this without being the superuser. Some systems allow users to write certain files they shouldn't, or a backup script may not be secure enough.
Quote: Originally Posted by Jaqui
This of course is the risk you run every time you run any program, but still you should try not to rely on external programs, although that's mainly for portability issues.
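
An added example, not code from any poster in this thread: one way a C program can run an external tool without system(), so that no shell and no PATH lookup are involved, and so that a binary a normal user could have replaced is refused. The helper names `trusted_binary` and `run_trusted`, the fixed environment and the `/bin/true` demo path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <spawn.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper: return 0 only if `path` is an absolute path to a
 * regular file owned by root that group and others cannot write.
 * stat() follows symlinks, so the file actually executed is what is judged.
 * Parent directories are not examined, and the check is not atomic with
 * the later exec. */
int trusted_binary(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/')      /* never rely on PATH */
        return -1;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != 0)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))    /* replaceable by non-root */
        return -1;
    return 0;
}

/* Hypothetical helper: execute argv[0] directly (no /bin/sh) with a fixed,
 * constructed environment. Returns the exit status, or -1 on refusal/error. */
int run_trusted(char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };
    pid_t pid;
    int status;

    if (trusted_binary(argv[0]) != 0)
        return -1;
    if (posix_spawn(&pid, argv[0], NULL, NULL, argv, clean_env) != 0)
        return -1;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "/bin/true", NULL };  /* demo path, an assumption */
    return run_trusted(argv) == 0 ? 0 : 1;
}
```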