[Secure-testing-team] Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

Bastien ROUCARIES roucaries.bastien at gmail.com
Mon Nov 20 11:29:53 UTC 2017


Package: manpages-dev
Version: 4.13-3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
Justification: more than 20 security bugs filed in other packages
control: clone -1 -2
control: reaffect -2 glibc-doc


Please document the implications of system.3 and popen.3, particularly
argument injection.

Please get inspiration from ENV33-C. Do not call system()

Suggest using execvp, and please provide an example of a secure alternative
for both APIs.

Note that escaping arguments is not portable, particularly if an argument
includes control characters for a POSIX shell.

https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177



Use of the system() function can result in exploitable
vulnerabilities, in the worst case allowing execution of arbitrary
system commands. Situations in which calls to system() have high risk
include the following:

  - When passing an unsanitized or improperly sanitized command string
    originating from a tainted source
  - If a command is specified without a path name and the command
    processor path name resolution mechanism is accessible to an attacker
  - If a relative path to an executable is specified and control over the
    current working directory is accessible to an attacker
  - If the specified executable program can be spoofed by an attacker
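
Added example (not part of the original report, the man pages, or ENV33-C): a shell-free stand-in for popen(cmd, "r") built on fork() and execvp(), the kind of alternative the report asks to have documented. The helper name run_capture, the fixed PATH value and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with the given argument vector (no shell is involved) and copy
 * up to cap-1 bytes of its stdout into out. Returns the child's exit status,
 * or -1 on error. Hypothetical helper, not a libc function. */
int run_capture(char *const argv[], char *out, size_t cap)
{
    int fds[2], status;
    size_t len = 0;
    ssize_t n;
    pid_t pid;

    if (cap == 0 || pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(127);
        setenv("PATH", "/usr/bin:/bin", 1);  /* fixed search path, not the caller's */
        execvp(argv[0], argv);               /* each argv[i] arrives as one argument */
        _exit(127);                          /* exec failed */
    }
    close(fds[1]);
    while (len < cap - 1 && (n = read(fds[0], out + len, cap - 1 - len)) > 0)
        len += (size_t)n;
    out[len] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed input: passed to system() or popen(), a shell would split it at ';'. */
    char tainted[] = "report.txt; echo INJECTED";
    char *argv[] = { "printf", "%s", tainted, NULL };
    char buf[128];
    int rc = run_capture(argv, buf, sizeof buf);
    printf("rc=%d out=[%s]\n", rc, buf);     /* the string comes back byte for byte */
    return rc == 0 && strcmp(buf, tainted) == 0 ? 0 : 1;
}
```

For programs that parse options, an untrusted operand beginning with '-' can still be read as an option; utilities that follow the usual getopt conventions accept "--" before the operands to prevent that.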
