Linux API system()安全性问题

Use of the system() function can result in exploitable vulnerabilities, in the worst case allowing execution of arbitrary system commands. Situations in which calls to system()have high risk include the following:

1. When passing an unsanitized or improperly sanitized command string originating from a tainted source
2. If a command is specified without a path name and the command processor path name resolution mechanism is accessible to an attacker
3. If a relative path to an executable is specified and control over the current working directory is accessible to an attacker
4. If the specified executable program can be spoofed by an attacker

system()实现

system() 实现是通过fork和execv实现，详细code如下:

安全性

从上面code可以看出，安全性主要体现在shell执行上特性。
1、shell 可以运行不止一条cmd (通过；)，容易被利用

2、shell 有些命令的运行结果依赖环境变量

参考url

https://*.com/questions/43197676/is-system-call-in-c-program-safe/43197711
https://*.com/questions/48069989/are-all-system-calls-a-security-risk-in-c
https://wiki.sei.cmu.edu/confluence/plugins/servlet/mobile#content/view/2130132
https://*.com/questions/27461936/system-vs-execve