STANDARD
Section: C Library Functions (3)
Updated: local
NAME
standard, safe - standardize conditions in preparation for exec
SYNOPSIS
standard()
safe()
DESCRIPTION
Standard alters a process's environment to make it relatively safe to do execvp, system, popen, etc. It closes all descriptors except the standard ones and supplies a standard set of environment variables that ensure a standard interpretation of shell commands and a standard search path for programs.

Safe is similar, but is intended for use in shell escapes and suchlike. It leaves the environment variables untouched but turns off setuid and setgid permissions.

Use of either one permits a setuid/setgid program to run other programs without inadvertently bestowing special powers on nonstandard programs.

Care must still be exercised as to what the standard descriptors refer to, and it is still possible for programs executed after use of standard (as opposed to safe) to give away special powers through their carelessness.
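The two preparations described above, as an added C sketch that is not the library's own source. The names example_standard, example_safe, close_nonstandard and fixed_env, the PATH and IFS values, and the fallback sweep limit are assumptions; the page does not list the variables the real standard() supplies.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdlib.h>
#include <unistd.h>

extern char **environ;

/* Assumed values: the page does not list what the real standard() sets. */
static char *fixed_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* Close every descriptor above stderr so the exec'd program inherits none. */
static void close_nonstandard(void)
{
    DIR *d = opendir("/dev/fd");
    if (d != NULL) {
        struct dirent *e;
        int self = dirfd(d);           /* keep the handle we are iterating with */
        while ((e = readdir(d)) != NULL) {
            int fd = atoi(e->d_name);  /* "." and ".." parse as 0 and are skipped */
            if (fd > 2 && fd != self)
                close(fd);
        }
        closedir(d);
        return;
    }
    /* Fallback when /dev/fd is unavailable: bounded sweep (limit is an assumption). */
    for (int fd = 3; fd < 4096; fd++)
        close(fd);
}

/* Like standard(): fixed environment, no stray descriptors, privileges kept. */
void example_standard(void)
{
    close_nonstandard();
    environ = fixed_env;               /* all other variables are eliminated */
}

/* Like safe(): environment untouched, setuid/setgid powers given up. */
int example_safe(void)
{
    gid_t gid = getgid();
    uid_t uid = getuid();
    /* Group first: once the uid is dropped we may not be allowed to change gid. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;
    /* Confirm the drop took effect; the caller must not exec on failure. */
    return (getegid() == gid && geteuid() == uid) ? 0 : -1;
}
```

A caller would invoke one of these immediately before execvp, system or popen and abandon the exec if example_safe returns -1.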
SEE ALSO
environ(3), closeall(3)
HISTORY
Local products.
BUGS
Standard must necessarily supply standard values for some environment variables, but it is not clear whether it should pass other variables through or eliminate them. The current implementation eliminates them, which is safer but sometimes inconvenient.

One can construct elaborate scenarios in which a setuid program employing safe could be duped into executing a user-supplied program in a current directory the user ordinarily could not have reached.

Possibly one or both should standardize the umask setting.
This document was created by man2html, using the manual pages. Time: 05:46:23 GMT, January 05, 2023