dsdv76767671 2014-02-09 16:46

Using the system function in production code [closed]

Why is it said that usage of the system function in production code is not advisable? How is this different from using the exec family of functions?

Clarification: I have read in many places that it is unwise to use the system function when we are doing something at a commercial level. But it never occurred to me what the problem might be, and how using the exec family is considered better than system. As far as I am concerned, my concerns are clarified.

1 answer

  • du94414 2014-02-09 17:19

    This question is tagged C, php and python. I don't know python, but the C and PHP system functions differ in at least one respect: the PHP function has an optional second argument.

    In C (and according to the documentation, PHP does the same thing), system runs the command by executing /bin/sh -c command. The issue here is whether command is completely under your control. If command is a constant string, you are reasonably safe. However, if command has any user-provided elements, you had better be very careful. Let's say you thought this was a good way to add a string $foo to a log.

    system ("echo '$foo' >> /var/log/bar");
    

    in PHP is not going to be a great idea, because $foo might contain the following (including the quotes):

    'x && /bin/rm -rf / && echo '
    

    It is much better to use something like exec, where you don't need to worry about quoting, separating parameters, etc. (rather than passing it through /bin/sh), and even then you need to be very careful.

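Added example, not part of the original answer: the answer's `system` logging pattern next to an exec-family call that hands the same string to the child as a single argv element, so no shell ever parses it. The helper names, the temp-file log paths and the harmless `echo INJECTED` stand-in for the payload are assumptions made for the demonstration, and `printf` is assumed to be on `PATH`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed input shaped like the answer's payload; the command is harmless. */
static const char *FOO = "'x && echo INJECTED && echo '";

/* Pattern from the answer: foo is pasted into text that /bin/sh parses. */
int log_with_system(const char *foo, const char *path) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo '%s' >> %s", foo, path);
    return system(cmd);
}

/* exec-family variant: foo is a single argv element, no shell parses it. */
int log_with_exec(const char *foo, const char *path) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
        if (fd < 0 || dup2(fd, STDOUT_FILENO) < 0) _exit(126);
        char *const argv[] = {"printf", "%s\n", (char *)foo, NULL};
        execvp(argv[0], argv);
        _exit(127); /* reached only if exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 1 if the first line of the file is exactly `expected`, else 0. */
int first_line_is(const char *path, const char *expected) {
    char line[512] = "";
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    if (fgets(line, sizeof line, f)) line[strcspn(line, "\n")] = '\0';
    fclose(f);
    return strcmp(line, expected) == 0;
}

int main(void) {
    char a[] = "/tmp/sysdemoXXXXXX", b[] = "/tmp/sysdemoXXXXXX";
    close(mkstemp(a)); close(mkstemp(b));
    log_with_system(FOO, a); log_with_exec(FOO, b);
    printf("system literal=%d, exec literal=%d\n", first_line_is(a, FOO), first_line_is(b, FOO));
    unlink(a); unlink(b);
    return 0;
}
```

With `system`, the shell splits the string at the quotes and runs the embedded `echo INJECTED` as its own command, so the log never receives the original text; with `execvp` the log line is byte-for-byte the input.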
