Re: [dev][project] soap - a simple xdg-open replacement

From: FRIGN <dev_AT_frign.de>
Date: Sun, 4 May 2014 18:16:30 +0200

On Sun, 04 May 2014 18:01:22 +0200
7heo <7heo_AT_mail.com> wrote:

> That's something any suckless software should never do. User
> hand-holding is contrary to the suckless philosophy, as far as I know,
> and any command that can execute other commands (such as watch(1),
> sudo(8), exec (shell builtin), and so on) should be used with extreme
> caution, as WITH ANY OTHER BINARY/SCRIPT.

Agreed!

> If your software is going to keep system(), you should document that and
> warn the user about the possibility of an injection in the parameters if
> the called binaries are not behaving safely.

I'll add this to the README/manpage.

> The other solution to drop system() (and use execve(2) or any other
> calls to it - exec(3), along with execl, execlp, execle, execv, execvp,
> execvpe - to call a shell script or binary that does what you want for
> each file type) that Chris seems to want would defer the problem to the
> script, which, if it is behaving unsafely, will be introducing the same
> security issues.

Well, then you lose the flexibility of the shell for the most part.
Given this is factually a non-issue if you take care of what you write,
keeping system() is the way to go.
Using soap to only call external shell-scripts kind of defeats the
purpose and only pushes the non-problem on a different stack.
For single commands + arguments, the exec*-calls are definitely
superior, though!

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Sun May 04 2014 - 18:16:30 CEST
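
The trade-off discussed in this message, as an added example that is not part of the original post and not soap's code: a filename interpolated into a shell command line (as with system()) is re-parsed by the shell unless it is quoted first. The helper names `shell_quote` and `shell_echo` and the sample filename are hypothetical; popen(3) stands in for system(3) so the shell's output can be inspected.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Added example; helper names are hypothetical, not taken from soap. */
/* Wrap s in single quotes for sh; an embedded ' becomes '\''. -1 if out is too small. */
int shell_quote(const char *s, char *out, size_t outlen)
{
	size_t n = 0;
	if (outlen < 3) return -1;
	out[n++] = '\'';
	for (; *s; s++) {
		size_t need = (*s == '\'') ? 4 : 1;
		if (n + need + 2 > outlen) /* keep room for closing quote and NUL */
			return -1;
		if (*s == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
		else out[n++] = *s;
	}
	out[n++] = '\'';
	out[n] = '\0';
	return 0;
}

/* Run "printf %s <arg>" via sh -c (popen, same parsing as system()) and
 * copy what the shell printed into buf. quote != 0 applies shell_quote first. */
int shell_echo(const char *arg, int quote, char *buf, size_t buflen)
{
	char q[512], cmd[600];
	FILE *p;
	size_t n;
	if (quote) {
		if (shell_quote(arg, q, sizeof q) < 0) return -1;
		arg = q;
	}
	if (snprintf(cmd, sizeof cmd, "printf %%s %s", arg) >= (int)sizeof cmd) return -1;
	if (!(p = popen(cmd, "r"))) return -1;
	n = fread(buf, 1, buflen - 1, p);
	buf[n] = '\0';
	return pclose(p) == 0 ? 0 : -1;
}

int main(void)
{
	char out[256];
	const char *name = "a.pdf; echo INJECTED"; /* constructed sample filename */
	if (shell_echo(name, 0, out, sizeof out) == 0) printf("unquoted: [%s]\n", out);
	if (shell_echo(name, 1, out, sizeof out) == 0) printf("quoted:   [%s]\n", out);
	return 0;
}
```

With an exec*-style call the filename would instead travel as its own argv element and no quoting step would be needed.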
