UNIX commands in C
Kartik Subbarao
subbarao at phoenix.Princeton.EDU
Fri May 10 00:12:55 AEST 1991
In article <751.imc at uk.ac.ox.prg> imc at prg.ox.ac.uk (Ian Collier) writes:
>In article <REARL.91May1113957 at nutrimat.gnu.ai.mit.edu>, rearl at gnu.ai.mit.edu (Robert Earl) wrote:
>>In article <24527 at well.sf.ca.us> ron at well.sf.ca.us (Ronald Hayden) writes:
>>| #include <stdio.h>
>>|
>>| main ()
>>| {
>>| printf("\nTesting the UNIX 'who' command --\n");
>>| system("who");
>>| printf("\nDone.\n");
>>| exit(1);
>>| }
>Also, that should really be "/bin/who" rather than just "who", unless
>you are going to set the path explicitly in the program. Otherwise the
>program could break on someone else's machine if they do not have /bin
>in their path (unlikely) or if some other random program called "who"
>appears before /bin/who in the path. If you do this in an suid program
>be absolutely certain to specify the path, or else this creates a
>security loophole.
Ha! Using system() in any setuid program itself, regardless of how you invoke
the program, leaves a major security hole.
-Kartik
--
internet% ypwhich
subbarao at phoenix.Princeton.EDU -| Internet
kartik at silvertone.Princeton.EDU (NeXT mail)
SUBBARAO at PUCC.BITNET - Bitnet
More information about the Comp.unix.questions
mailing list