* OPP and execl
@ 2005-07-28 19:10 Robert L Waldrop
0 siblings, 0 replies; only message in thread
From: Robert L Waldrop @ 2005-07-28 19:10 UTC (permalink / raw)
To: martin.herfurt, marcel, bluez-users
Hi Everyone in BlueZ world,
I'm playing around with some OPP fun and was wondering whether anyone
had run into security issues using execl(...) from unistd.h. I'm
wondering if it is prone to a shell attack or buffer overrun if I
use it like this...
execl("/my/mycmd","mycmd","arg1","arg2");
Somehow the call forces arg1 (regardless of content, including special
characters like semi-colons) to be the argument of mycmd. But I'm
curious if maybe there is a combination of characters that aren't
escaped correctly and someone might be able to invoke a second command
or effect the kernel.
Also wondering if I'm susceptible to someone passing a large string
as arg1 if I open that up to the user.
If there are such problems, what is the typical answer to the need for
exec.
Muchas Gracias!
--bob w.
--
Robert Waldrop Motorola Personal Communications Sector
rwaldrop@urbana.css.mot.com Urbana-Champaign Design Center
voice 217-384-8719 1800 South Oak Street
Champaign IL 61820
[X] Motorola General Business Information
[ ] Motorola Internal Use Only
[ ] Motorola Confidential Proprietary
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-07-28 19:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-28 19:10 OPP and execl Robert L Waldrop
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox