author: delphij <delphij@FreeBSD.org> 2015-07-25 00:21:29 +0000
committer: delphij <delphij@FreeBSD.org> 2015-07-25 00:21:29 +0000
commit: 507c7ca6337ce372246e5b89f16c2229dc246e66 (patch)
tree: 4b411dbf1606ef6a2f26c02e5232766073d2e908 /lib/libc/stdlib
parent: 527ac1e9fb2b2f29df0bcfb2e91053cea93956bb (diff)
Document the fact that system(3) can easily be misused because shell meta
characters are honored. While I'm there also mention posix_spawn in the SEE ALSO section.

MFC after: 2 weeks
Diffstat (limited to 'lib/libc/stdlib')

 lib/libc/stdlib/system.3 | 16 ++++++++++++---
 1 files changed, 14 insertions, 2 deletions
diff --git a/lib/libc/stdlib/system.3 b/lib/libc/stdlib/system.3
index 3cea71e..4fd61bc 100644
--- a/lib/libc/stdlib/system.3
+++ b/lib/libc/stdlib/system.3
@@ -32,7 +32,7 @@
.\" @(#)system.3 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd June 4, 1993
+.Dd July 25, 2015
.Dt SYSTEM 3
.Os
.Sh NAME
@@ -87,7 +87,8 @@ failed.
.Xr execve 2 ,
.Xr fork 2 ,
.Xr waitpid 2 ,
-.Xr popen 3
+.Xr popen 3 ,
+.Xr posix_spawn 3
.Sh STANDARDS
The
.Fn system
@@ -97,3 +98,14 @@ conforms to
and is expected to be
.St -p1003.2
compatible.
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn system
+function is easily misused in a manner that enables a malicious
+user to run arbitrary command,
+because all meta-characters supported by
+.Xr sh 1
+would be honored.
+User supplied parameters should always be carefully santized
+before they appear in
+.Fa string.
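Review bot: the new SECURITY CONSIDERATIONS text has a spelling error in "santized" (should be "sanitized"), and "run arbitrary command" should read "run arbitrary commands". The closing line `.Fa string.` also puts the period inside the macro argument; in mdoc the punctuation must be a separate argument, `.Fa string .`, or it is rendered as part of the name. Since this hunk already tells readers that every sh(1) meta-character in the string is honored, consider also pointing to the alternatives this commit adds to SEE ALSO, execve(2) and posix_spawn(3), as the way to run a program without involving a shell when any part of the command comes from user input; sanitizing alone is harder to get right than not passing the data through sh(1) at all.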