popen vs系统:popen和系统一样邪恶吗? [英] popen vs system: is popen as evil as system?

问题描述

popen缓冲输出，而系统不缓冲.那是唯一的区别吗?

popen buffers output while system does not. is that the only difference?

我知道popen和system都通过shell运行命令.但是，popen()是否作为 evil 作为system()?

I understand that popen and system both run the command through the shell. However, is popen() as evil as system()?

推荐答案

看起来，关于系统成为邪恶"的整个事情从本质上讲就是那些不考虑其特定用例的安全后果的人.系统 system 比执行自己的fork/dup/exec更加邪恶"的原因是使用不当，有人可能引入恶意命令行.例如，

Look, the whole thing about "system being evil" is, at heart, people who don't think about the security consequences of their particular use case. The only reason system is "more evil" than doing your own fork/dup/exec is that used badly, it's possible for someone to introduce a malicious command line. So, for example

#include <stdlib.h>

int main(int argc, char** argv){
    (void) system(argv[1]);
}

肯定是 dumb ，因为有人可以将例如rm -rf /作为参数.而且，当然，可以使用 popen 来完成类似的操作.

is certainly dumb, because someone could put, eg, rm -rf / in as the argument. And, of course, something similarly dumb could be done with popen.

但是然后考虑使用命令的用户字符串执行 fork 和 exec 的事情:存在完全相同的漏洞和愚蠢.

But then consider something that does fork and exec using a user string for the command: the exact same vulnerability and stupidity exists.

弊端-就是说错误-在于使用随机输入的字符串作为没有经过过滤的命令，而不是在 system 调用中.

The evil -- which is to say, the error -- lies in using a random input string as a command without some filtering, not in the system call.

这篇关于popen vs系统:popen和系统一样邪恶吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！