Starting up another process from within a C program
Vernon Schryver
vjs at rhyolite.wpd.sgi.com
Sat Nov 10 05:54:41 AEST 1990
In article <55759 at brunix.UUCP>, sgf at cs.brown.edu (Sam Fulcomer) writes:
> In article <1990Nov7.155855.16316 at odin.corp.sgi.com> jmb at patton.wpd.sgi.com (Doctor Software) writes:
> >...
> >Now you understand why I like to use popen()/pclose().
> >...
>
> Bear in mind that one of the things that makes popen more convenient is
> its use of /bin/sh to exec the command. It's not always the most secure
> method.
Elaboration: Never use popen() in a set-uid program for any UNIX system,
unless you understand the hole, and have done something about it.
(If you just want to open a hole, create a suid copy of your favorite
shell--it's easier to use.)
vjs