LinuxQuestions.org
Old 08-05-2020, 02:56 PM   #16
mina86
Member
 
Registered: Aug 2008
Distribution: Debian
Posts: 517

Rep: Reputation: 229

Quote:
Originally Posted by dminican_slax View Post
I feel like I have to reply to everyone but that'd make the thread too long.
Just post a new version of your code I suppose.

Quote:
Originally Posted by dminican_slax View Post
I don't know a lot about system() and its security implications,
The main security implications aren’t necessarily in the way you’re using system. You’re passing string literals, so some of the problems are addressed. Security issues manifest themselves mostly when you try to craft a string or take it from the user and execute that. For example:
Code:
#include <stdlib.h>
#include <stdio.h>

int main(int argc, char**argv) {
	char cmd[1024];
	snprintf(cmd, sizeof cmd,
		 "/bin/echo 'Hello, %s'",
		 argc < 2 ? "World" : argv[1]);
	system(cmd);
	return 0;
}
Code:
$ ./a 
Hello, World
$ ./a 'Jane Doe'
Hello, Jane Doe
$ ./a "Foo'; echo Executing evil command'"
Hello, Foo
Executing evil command
This particular issue can be fixed by using exec*, which lets you pass arguments to the command directly (but remember that exec essentially ‘terminates’ the process that calls the method, so it’s not a drop-in replacement for system; to do what system does, the process first needs to fork):
Code:
#include <stdio.h>
#include <unistd.h>

int main(int argc, char**argv) {
	char greeting[1024];
	snprintf(greeting, sizeof greeting,
		 "Hello, %s", argc < 2 ? "World" : argv[1]);
	execl("/bin/echo", "/bin/echo", greeting, (char*)0);
	return 1;
}
Code:
$ ./a "Foo'; echo executing evil command'"
Hello, Foo'; echo executing evil command'
There are some other attack vectors; not all of them are addressed by exec* functions. There are also of course some performance considerations which make system undesirable.

In your code one other issue is that you’re not quoting variables in the system commands, e.g. you should be using system("echo \"$SHELL\""); and same for other commands which print environment variables.

Speaking of environment variables though, there’s a getenv function which returns the value of an environment variable if it’s set, so you might prefer using that to system.

Last edited by mina86; 08-07-2020 at 03:46 AM. Reason: add missing \ in front of "
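
The fork-then-exec replacement for system that the post above describes, as an added example that is not part of the original post. `run_capture` is a hypothetical helper name; it passes the arguments to execv directly, captures the child's output through a pipe, and decodes the wait status so the caller can check it.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run path with argv (no shell), capture stdout in out.
 * Returns the exit status, 128+signal if killed, or -1 on pipe/fork/wait error. */
int run_capture(const char *path, char *const argv[], char *out, size_t len)
{
	int fds[2], status;
	size_t used = 0;
	ssize_t n;
	if (len == 0 || pipe(fds) == -1)
		return -1;
	pid_t pid = fork();
	if (pid == -1) {
		close(fds[0]);
		close(fds[1]);
		return -1;
	}
	if (pid == 0) {                 /* child: stdout -> pipe, then exec */
		close(fds[0]);
		if (dup2(fds[1], STDOUT_FILENO) != -1)
			execv(path, argv);  /* returns only on failure */
		_exit(127);             /* same code the shell uses */
	}
	close(fds[1]);                  /* parent keeps only the read end */
	while (used < len - 1 &&
	       (n = read(fds[0], out + used, len - 1 - used)) > 0)
		used += (size_t)n;
	out[used] = '\0';
	close(fds[0]);
	while (waitpid(pid, &status, 0) == -1)
		if (errno != EINTR)
			return -1;
	if (WIFEXITED(status))
		return WEXITSTATUS(status);
	return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : -1;
}

int main(int argc, char **argv)
{
	char greeting[1024], out[2048] = "";
	char *args[] = { "/bin/echo", greeting, NULL };
	snprintf(greeting, sizeof greeting, "Hello, %s", argc < 2 ? "World" : argv[1]);
	int rc = run_capture("/bin/echo", args, out, sizeof out);
	printf("%s(exit status %d)\n", out, rc);
	return rc == 0 ? 0 : 1;
}
```

Unlike the execl version, the calling process survives the call, and a failed exec shows up as status 127 rather than as a silent fall-through.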
 
Old 08-06-2020, 07:48 AM   #17
SoftSprocket
Member
 
Registered: Nov 2014
Posts: 399

Rep: Reputation: Disabled
Quote:
Originally Posted by dminican_slax View Post
Guys thanks for your answers, as I said I was just trying to practice the use of system() this code is the version 4 of it I'll check on it and see if I can implement some of the things you've suggested. I feel like I have to reply to everyone but that'd make the thread too long. I don't know a lot about system() and its security implications, I'm just a noob with a kinda complex hobby.

Greetings,
dminican_slax
It's important to check return values, where they exist. You could read up on system (man 3 system) and implement some error checking.
 
Old 09-02-2020, 02:27 AM   #18
Fat_Elvis
Member
 
Registered: Oct 2016
Distribution: FreeDOS 1.2
Posts: 309

Rep: Reputation: 92
I would agree that this kind of program would work better in a simpler environment such as Bash. I believe that was a big part of the Unix mindset from the beginning: several small programs relying on one another.

Since you are calling many external programs, there is no real advantage to be using C for this purpose.

If you want something a bit fancier with menus and such, you could use something like Perl, or write only the graphical/menu part in C. You could use the ncurses library for this purpose, but it is not that hard to do by hand.

There are some great tutorials for writing text-mode programs in C. Here's one: https://viewsourcecode.org/snaptoken/kilo/

For an introduction to the C language (with some pretty tough exercises), an excellent place to start is the Kernighan & Ritchie book.

Last edited by Fat_Elvis; 09-02-2020 at 02:44 AM.
 
  

