[PATCH] libc: fix signal handling in system()

Rich Felker dalias at aerifal.cx
Tue Jan 17 15:10:03 UTC 2012


On Tue, Jan 17, 2012 at 07:51:12AM +0100, Richard Braun wrote:
> On Tue, Jan 17, 2012 at 03:03:19AM +0100, Laurent Bercot wrote:
> >  Yes, and that's not a problem. system() is a horrible interface
> > anyway, if only because of the automatic shell invocation and
> > parsing; no self-respecting Unix programmer should ever use it.
> > system() needs to be implemented for pure standards conformance,
> > but it can be done as it was conceived, i.e. as a quick and dirty
> > hack. Please, don't spend more time on it than strictly necessary
> > and keep your brain power available for more interesting parts of
> > the libc.
> 
> This is probably why this bug was overlooked for so long. Unfortunately,
> it's become more or less common practice in companies I've been working
> at, which is how I caught it (just to insist on the fact I don't
> personally use system() to anyone who can hire ;-)).

These sound like companies whose products should be avoided. ;-)

In all seriousness, any program using system() almost surely has very
buggy, and likely vulnerable, corner cases that will break horribly on
odd filenames, etc. There's almost never an instance of system() that
should not be replaced with posix_spawn+waitpid.

Rich
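
The posix_spawn+waitpid replacement recommended above, as an added example that is not part of the original message or of uClibc. The helper names `run_argv`, `remove_file` and `demo`, and the sample file name, are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <spawn.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Spawn argv[0] (found via PATH) with no shell and wait for it. Returns the
 * exit status, 128+signo if killed by a signal, or -1 on spawn/wait failure. */
int run_argv(char *const argv[])
{
    pid_t pid;
    int status;
    int err = posix_spawnp(&pid, argv[0], NULL, NULL, argv, environ);
    if (err != 0) {
        errno = err; /* posix_spawnp returns the error number directly */
        return -1;
    }
    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR) /* retry only when a signal interrupted the wait */
            return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : -1;
}

/* Hypothetical helper: the path is one argv entry, so spaces, quotes, ';' and
 * '$' in it are never parsed by a shell; "--" keeps a leading '-' from being
 * read as an option to rm. */
int remove_file(const char *path)
{
    char *const argv[] = { "rm", "--", (char *)path, NULL };
    return run_argv(argv);
}

/* Constructed sample: a name that system("rm " name) would split and parse. */
int demo(void)
{
    const char *name = "/tmp/odd name; echo 'x' $HOME.txt";
    int fd = open(name, O_CREAT | O_WRONLY, 0600);
    if (fd == -1)
        return -1;
    close(fd);
    return (remove_file(name) == 0 && access(name, F_OK) == -1) ? 0 : 1;
}
int main(void) { return demo(); }
```

Unlike system(), this leaves signal disposition during the wait to the caller; the loop only retries waitpid on EINTR.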

