by Steeeve
3378 days ago
System() creates child processes, specified by parameters. If you don't sanitize your parameters, any child process could be created. If you run this software as root, that means root will run the command. If you run this as user, it's safer than root, but not actually safe. 1) The user isn't always the one providing user input. 2) When the user does provide input, the user isn't always smart. 3) Users do things that you never would have conceived. Unsanitized system() calls are even worse than leaving your system wide open to a SQL injection attack.
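An added example illustrating the comment above (not part of the original post or written by its author): the same parameter passed once through `system()` and once as a single `argv` entry to `execvp()`, which involves no shell. The function names, the choice of `ls`, and the sample input are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Before: the parameter is pasted into a string that /bin/sh parses, so
 * shell metacharacters in `path` become part of the command line. */
int list_unsafe(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "ls -- %s >/dev/null 2>&1", path);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                              /* refuse truncated commands */
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* After: no shell. `path` reaches ls as exactly one argv entry, so it can
 * only ever be interpreted as a file name. */
int list_safe(const char *path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd = open("/dev/null", O_WRONLY);   /* keep the demo quiet */
        if (fd >= 0) { dup2(fd, STDOUT_FILENO); dup2(fd, STDERR_FILENO); }
        char *const args[] = { "ls", "--", (char *)path, NULL };
        execvp(args[0], args);
        _exit(127);                             /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *input = "/; exit 42";           /* constructed sample input */
    printf("unsafe: %d\n", list_unsafe(input)); /* shell also ran `exit 42` */
    printf("safe:   %d\n", list_safe(input));   /* ls: no such file */
    return 0;
}
```

Both functions run with the privileges of the calling process, so the `system()` variant executes whatever the shell parses out of the parameter as that user, root included.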