From owner-svn-src-head@freebsd.org Sat Jul 25 00:21:30 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B6D79AA692; Sat, 25 Jul 2015 00:21:30 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1BF7C118C; Sat, 25 Jul 2015 00:21:30 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6P0LTPE013879; Sat, 25 Jul 2015 00:21:29 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6P0LT7Z013878; Sat, 25 Jul 2015 00:21:29 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201507250021.t6P0LT7Z013878@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Sat, 25 Jul 2015 00:21:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285864 - head/lib/libc/stdlib X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jul 2015 00:21:30 -0000 Author: delphij Date: Sat Jul 25 00:21:29 2015 New Revision: 285864 URL: https://svnweb.freebsd.org/changeset/base/285864 Log: Document the fact that system(3) can easily be misused due to shell meta characters are honored. While I'm there also mention posix_spawn in the SEE ALSO section. MFC after: 2 weeks Modified: head/lib/libc/stdlib/system.3 Modified: head/lib/libc/stdlib/system.3 ============================================================================== --- head/lib/libc/stdlib/system.3 Sat Jul 25 00:14:02 2015 (r285863) +++ head/lib/libc/stdlib/system.3 Sat Jul 25 00:21:29 2015 (r285864) @@ -32,7 +32,7 @@ .\" @(#)system.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd July 25, 2015 .Dt SYSTEM 3 .Os .Sh NAME @@ -87,7 +87,8 @@ failed. .Xr execve 2 , .Xr fork 2 , .Xr waitpid 2 , -.Xr popen 3 +.Xr popen 3 , +.Xr posix_spawn 3 .Sh STANDARDS The .Fn system @@ -97,3 +98,14 @@ conforms to and is expected to be .St -p1003.2 compatible. +.Sh SECURITY CONSIDERATIONS +The +.Fn system +function is easily misused in a manner that enables a malicious +user to run arbitrary command, +because all meta-characters supported by +.Xr sh 1 +would be honored. +User supplied parameters should always be carefully santized +before they appear in +.Fa string.