
Re: Q - what acct does PAM use?



Dave Wreski wrote:
> > Incidentally, system() is actually a dangerous function to use in
> > security sensitive programs, you should look into using fork() and
> > the exec() family of calls.
> 
> Doesn't it depend greatly on what user is using system()?  Is it
> possible to get root, when a normal user uses system()?  I really
> don't think so, correct?

It is as you suggest.  However, because of the way system() runs a
command, there have been many cases in the past of people using
environment variables to trick a privileged application into doing
something it didn't expect to do.  Consider this a heads up...  (For
another version of this warning try: "man system").

Cheers

Andrew
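
The contrast discussed in this message, as an added example that is not part of the original post: a child started with system() inherits the caller's environment, while fork() + execve() with an explicit environment does not. The names run_clean, PROBE and DEMO_TAINTED and the PATH value are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed fixed environment for the child; nothing is inherited. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
/* Constructed probe: exits 0 only if the caller's variable reached it. */
#define PROBE "[ \"$DEMO_TAINTED\" = yes ]"

/* Run an absolute path via fork() + execve(); returns exit code or -1. */
int run_clean(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env); /* no shell, no PATH search */
        _exit(127);                    /* reached only if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 1 if a child started with system() sees the caller's DEMO_TAINTED. */
int leaks_via_system(void)
{
    setenv("DEMO_TAINTED", "yes", 1);
    int st = system(PROBE);
    return st != -1 && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

/* Same probe through run_clean(); /bin/sh is only the test program here. */
int leaks_via_exec(void)
{
    char *const argv[] = { "sh", "-c", PROBE, NULL };
    setenv("DEMO_TAINTED", "yes", 1);
    return run_clean("/bin/sh", argv) == 0;
}
int main(void)
{
    printf("system(): %d, fork+execve: %d\n", leaks_via_system(), leaks_via_exec());
    return 0;
}
```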


