[jacobwcarlson]

It's weird that over the course of 7 hours no one on a site called Hacker News noticed that send_email.cpp passes unsanitized user-supplied args to system(). I've spent less than 5 minutes looking at this code, so maybe that's the worst of it. But if 5 minutes of investigation found 1980's style bugs I doubt that's the worst of it.

[xapata]

I haven't read the code, but regarding unsanitized user input... Isn't the user the, well, user, in this case?

Complaining about bad data in that situation is like complaining that an admin could hit the power switch.

Or maybe I've completely misunderstood the purpose of this software.

[Steeeve]

System() creates child processes, specified by parameters. If you don't sanitize your parameters, any child process could be created. If you run this software as root, that means root will run the command. If you run this as user, it's safer than root, but not actually safe.

1) The user isn't always the one providing user input.

2) When the user does provide input, the user isn't always smart.

3) Users do things that you never would have conceived.

Unsanitized system() calls are even worse than leaving your system wide open to a sql inection attack.

[nikanj]

All of the above apply to bash, but it still happily creates processes from user supplied input. As previously mentioned, not all software is run on a remote-access system for strangers on the internet.

[nul_byte]

You're right, unsanitized user input is a risk when its externally crafted. At best in this case, its more sloppy coding then a high security risk.

[tedunangst]

Do the arguments come from the user or the exchange? If the email is telling me my profits, and the exchange says my profits are ``cat /etc/passwd`` that could be bad.

[jacobwcarlson]

Assuming input is from a benign source is literally the cause every single security issue ever. It's bizarre that I've been downvoted for this. And you're commenting about how I'm wrong without even reading the code. I seriously don't understand this site.

[CJefferson]

I've read it, it's sloppy but fine.

The same user who feeds in the values for 'system' is also trusting the program with their bitcoins! This is (in my opinion) like saying "bash" is a security issue because you can give it bash scripts.

[Steeeve]

I, for one, am astounded at the responses in this thread of discussion.

> why shouldn't my financial system be as open as bash?

Oh my lord...

[xapata]

... but it ain't your financial system. Unless I've seriously misunderstood the README.

I put my cups in the dishwasher, not the autoclave. I use 2fa for my financial accounts, but not for my frisbee league. Security is about appropriate paranoia.

[Steeeve]

In no scenario is it better to allow arbitrary hidden process creation than to spend 10 minutes writing a function that validates parameters provided to launch a process.

[xapata]

I respectfully disagree.

[yunolisten]

welcome to the internet, where few actually look at or understand the details of posts the comment on :)

floats to represent currency?

https://github.com/butor/blackbird/issues/118

[ryanlol]

For someone to "exploit" this they must already have code execution.