«
»

execv-like system call

June 30th, 2009 by mopey

From the system man page, it explicitely says:

Do not use system() from a program with set-user-ID or set-group-ID privileges, because strange values for some environment variables might be used to subvert system integrity.

Since system is basically a fork and wait, it’s pretty easy to use execv instead. Here is a snippet from the goog_pam module I’m working on.

  PID = fork();
  if (PID == 0) {
    //child
    char* argvarray[4] = {progarg0, username, newpass, (char *) 0};
    execv(netprog, argvarray);
    if (debug == 1)
      printf("forking failure\n");
    report_error(1);
    return PAM_CRED_ERR;
  }
  else if (PID < 0) {
    if (debug == 1)
      printf("unexpected error\n");
    report_error(1);
    return PAM_CRED_ERR;
  }

  wait(&amp;execreturn);
  //make sure this does exit properly and isn't killed
  if (WIFEXITED(execreturn)) {
    rc = WEXITSTATUS(execreturn);
  }
  else {
    report_error(1);
    return PAM_CRED_ERR;
  }

The first 18 lines emulate a system call. The rest is used to get the return value, which you would also need to do with a system call. Basically, it has close to the same functionality as if it were:

  system("programcall");

  wait(&amp;execreturn);
  //make sure this does exit properly and isn't killed
  if (WIFEXITED(execreturn)) {
    rc = WEXITSTATUS(execreturn);
  }
  else {
    report_error(1);
    return PAM_CRED_ERR;
  }

Tags:

This entry was posted on Tuesday, June 30th, 2009 at 15:54 and is filed under Linux, Programming. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

No computers were harmed in the 0.263 seconds it took to produce this page.