
Matt Bishop



Top Stories by Matt Bishop

The purpose of this article is to show how basic security principles can help you develop programs that are harder for the bad guys to break. We'll examine a simple function that executes a command as though it were typed at the keyboard, exactly what the library function system does. But unlike many system implementations, we'll constrain what happens so the calling program can't trick it into executing some other program.

The system function takes a single argument: a character string with the command to be executed just as it would be typed at the keyboard. The function first invokes the Bourne shell, passing the command to that shell using the "-c" option. The shell then spawns the command. For example:

    system("date")

invokes the command

    /bin/sh -c "date"

This executes the program "date," which prints the date on the standard output.

Security Issues ...
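The /bin/sh -c invocation described above, written out as an added example that is not code from the article: a system-like function that starts the shell by absolute path and hands it a fixed environment instead of the caller's. The name constrained_system and the PATH and IFS values are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Environment given to the shell; these values are assumptions for this example. */
static char *const safe_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/*
 * Hypothetical constrained variant of system(): runs /bin/sh -c cmd with
 * safe_env, so nothing from the caller's environment reaches the shell.
 * Returns the wait status of the shell, or -1 on error.
 */
int constrained_system(const char *cmd)
{
    int status;
    pid_t pid;

    if (cmd == NULL)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "sh", "-c", (char *)cmd, NULL };
        execve("/bin/sh", argv, safe_env);  /* absolute path: no PATH search */
        _exit(127);                         /* reached only if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0)    /* retry if a signal interrupts */
        if (errno != EINTR)
            return -1;
    return status;
}

int main(void)
{
    int status = constrained_system("date");

    if (status == -1 || !WIFEXITED(status)) {
        fprintf(stderr, "command did not run to completion\n");
        return 1;
    }
    return WEXITSTATUS(status);
}
```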