[ale] C question

Ed Cashin ecashin at noserose.net
Thu May 22 19:31:32 EDT 2014


In general, with this kind of stuff, you want to avoid using the
shell, so no use of "system" or other library calls that implicitly
run a shell.  The reason is that most programmers cannot anticipate
all the corner cases that allow unexpected things to happen when you
run a shell from your C program based on user data.

But this extra information is making me less certain that I'm coming
up with the best feedback.

Does it happen to be the case that you're using C because you want to
create an executable that you will make setuid root?


On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris
<robert.l.harris at gmail.com> wrote:
> My main goal is to make sure someone doesn't run this command and pass it
> something like :     "15361; rm -rf ~/*"
> I will need another version where XXXXX can be any alpha-numeric character
> too but the main concern is the moron doing something stupid.
>
> Robert
>
>
>
> On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <ecashin at noserose.net> wrote:
>>
>> I'm not at a keyboard now, but strtol could do it all if you provide a
>> non-NULL end pointer. (That will make sense on reading the strtol man page.)
>> Just subtract the end from the start and compare to 5, after specifying base
>> ten.
>>
>> On May 22, 2014 6:17 PM, "Robert L. Harris" <robert.l.harris at gmail.com>
>> wrote:
>>>
>>>
>>> Anyone have a very simple C program source that given a command of :
>>>
>>> ./Validate XXXXX
>>>
>>>
>>> it will verify that XXXXX is a 5 digit integer and then execute
>>>
>>> system( "/bin/touch XXXXX");
>>>
>>>
>>>
>>> There's much more to it but I'm hung up on this.  Unfortunately I'm not a
>>> C person.
>>>
>>> Robert
>>>
>>>
>>> --
>>> :wq!
>>>
>>> ---------------------------------------------------------------------------
>>> Robert L. Harris
>>>
>>> DISCLAIMER:
>>>       These are MY OPINIONS             With Dreams To Be A King,
>>>        ALONE.  I speak for                      First One Should Be A Man
>>>        no-one else.                                     - Manowar
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>



-- 
  Ed Cashin <ecashin at noserose.net>
  http://noserose.net/e/
  http://www.coraid.com/

