From: Eric Blake
Date: Fri, 02 Dec 2011 00:12:00 -0000
To: cygwin@cygwin.com, pnbrown@llnl.gov
Subject: Re: system mkdir
Message-ID: <4ED817DE.5030003@redhat.com>

On 12/01/2011 04:32 PM, Peter Brown wrote:
>>> Yes.
>>> Use the mkdir() function. That is, in fact, very similar to how it
>>> should be done in Visual Studio too.

I still say using mkdir() is the right solution - use a simple function,
rather than a call to system().

> This seems to work for me.
>
> int MySystem(char *s)
> {
>   int answer;
>   char syscmd[2048];
>   sprintf(syscmd,"cmd /c bash -c 'umask 0077;%s'",s);
>   answer = system( syscmd );
>   return answer;

Ouch. A thousand times NOOOOO. DON'T DO THAT.

You just made a HUGE security hole. All I have to do is call:

MySystem("rm -rf /");

and I've nuked your system. Or, I could call MySystem() and stack
overflow you. Or any other number of flaws.

And even if those weren't issues, you ruined my quoting. I should be
able to do system("echo 'a b'") and get "a b" on stdout, but the way
you butchered quoting, my single quotes terminate the argument to cmd,
and completely hose things.

You DON'T want to use system() unless absolutely necessary, and then only
with proper quoting. And you don't want to use sprintf on arbitrary
input; stick to snprintf, or to asprintf.

And seriously - calling cmd /c just to call bash just to call commands
that will be interpreted by bash, when you could have just used commands
interpreted by bash to begin with? If system() isn't calling cygwin's
/bin/sh, then you aren't using cygwin properly. Don't make it worse by
wrapping system() to go through another two layers of quoting nightmares.
-- 
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
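
The mkdir() approach recommended in the message above, as an added example that is not part of the original thread: the directory is created with owner-only permissions by a direct call, and paths are built with a bounded snprintf(). It assumes a POSIX environment; the function names, the /tmp scratch path and the sample directory name are all constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bounded path join (hypothetical helper): 0 on success, -1 if the result
 * would not fit in out, instead of overflowing it as sprintf() would. */
int join_path(char *out, size_t outsz, const char *parent, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", parent, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Create a directory only its owner can use.  mkdir() receives the path as
 * data, so no shell parses it, and the umask can only clear bits from the
 * requested 0700.  Returns 0, or -1 with errno set. */
int make_private_dir(const char *path)
{
    return mkdir(path, S_IRWXU);
}

/* Group/other permission bits of path, or -1 if it is not a directory. */
int group_other_bits(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (int)(st.st_mode & (S_IRWXG | S_IRWXO));
}

/* Constructed demo: a name full of shell metacharacters becomes one literal
 * directory.  Returns 0 when every step behaves as described. */
int demo(void)
{
    char base[64], path[256], tiny[8];
    const char *name = "a b'; echo injected #";   /* constructed sample name */

    snprintf(base, sizeof base, "/tmp/mkdir-demo-%ld", (long)getpid());
    if (join_path(path, sizeof path, base, name) != 0 || make_private_dir(base) != 0)
        return -1;
    int ok = make_private_dir(path) == 0                   /* created literally */
      && group_other_bits(path) == 0                       /* 0700 or tighter */
      && make_private_dir(path) == -1 && errno == EEXIST   /* no clobbering */
      && join_path(tiny, sizeof tiny, base, name) == -1;   /* truncation refused */
    rmdir(path);
    rmdir(base);
    return ok ? 0 : -1;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```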