1. system (execute a shell command)
Related functions: fork, execve, waitpid, popen
Header file: #include <stdlib.h>
Function definition: int system(const char *string);
Description: system() calls fork() to produce a child process, and the child calls /bin/sh -c string to execute the command given by the argument string. When the command finishes, control returns to the calling process. While system() is running, the SIGCHLD signal is temporarily blocked and the SIGINT and SIGQUIT signals are ignored.
Return value: Returns 127 if system() fails when calling /bin/sh, and returns 1 for other failure reasons. If the argument string is a null pointer (NULL), a value other than 0 is returned. If the system() call succeeds, the return value of the executed shell command is returned, but this value may also be 127, the same value system() returns when calling /bin/sh fails, so it is better to check errno as well to confirm that the execution was successful.
Additional notes: Do not use system() when writing programs with SUID/SGID permissions. system() inherits environment variables, and those environment variables can be used to cause system security problems.
Example:
    #include <stdlib.h>

    int main(void)
    {
        /* The command string is handed to /bin/sh -c */
        system("ls -al /etc/passwd /etc/shadow");
        return 0;
    }
2. popen (establish pipe I/O)
Related functions: pipe, mkfifo, pclose, fork, system, fopen
Header file: #include <stdio.h>
Function definition: FILE *popen(const char *command, const char *type);
Description: popen() calls fork() to produce a child process, and the child then calls /bin/sh -c to execute the command given by the parameter command. The parameter type can be "r" for reading or "w" for writing. According to this type value, popen() sets up a pipe connected to the child process's standard output or standard input, and then returns a file pointer. The calling process can then use this file pointer to read the child's standard output or write to the child's standard input. All functions that operate on a file pointer (FILE *) can also be used on it, except for fclose().
Return value: Returns a file pointer if successful; otherwise returns NULL, and the reason for the error is stored in errno. Error code: EINVAL, the parameter type is not valid.
Note: When writing programs with SUID/SGID permissions, try to avoid using popen(). popen() inherits environment variables, and those environment variables may be used to cause system security problems.
Example:
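    #include <stdio.h>

    int main(void)
    {
        FILE *fp;
        char buffer[80];

        fp = popen("cat /etc/passwd", "r");
        if (fp == NULL)
            return 1;
        /* Read and print the first line of the command's output */
        if (fgets(buffer, sizeof(buffer), fp) != NULL)
            printf("%s", buffer);
        pclose(fp);
        return 0;
    }

Execution:

    root:x:0:0:root:/root:/bin/bash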
3. Create a new child process using vfork() and call the exec function family

    #include <stdio.h>
    #include <unistd.h>

    int main(void)
    {
        char *argv[] = {"ls", "-al", "/etc/passwd", (char *)0};

        if (vfork() == 0) {
            execv("/bin/ls", argv);
            _exit(127);   /* reached only if execv() fails */
        } else {
            printf("This is the parent process\n");
        }
        return 0;
    }
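The notes in sections 1 and 2 warn that system() and popen() pass the caller's environment to /bin/sh. The following is an added example, not code from the original page: it extends the fork/exec pattern of section 3 so that the child is started with execve() and a fixed environment, and the parent collects the exit status with waitpid(). The helper name run_clean, the PATH value and the variable DEMO_LEAK are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* run_clean() is a hypothetical helper for this example. It runs the program
 * at the absolute path `path` without /bin/sh and without the caller's
 * environment. Returns the child's exit status (0-255), or -1 if fork() or
 * waitpid() failed or the child was terminated by a signal. */
int run_clean(const char *path, char *const argv[])
{
    /* Fixed environment: nothing set by the caller (PATH, IFS, LD_*) leaks in. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);  /* no PATH search, no shell parsing */
        _exit(127);                     /* exec failed: same code system() uses */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)             /* retry only when interrupted */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *ls_args[]  = { "ls", "-al", "/etc/passwd", NULL };
    char *env_args[] = { "env", NULL };

    /* Constructed variable: a system() child would see it, this child does not. */
    setenv("DEMO_LEAK", "from-caller", 1);
    printf("ls exit status: %d\n", run_clean("/bin/ls", ls_args));
    /* env prints only the PATH entry from clean_env */
    printf("env exit status: %d\n", run_clean("/usr/bin/env", env_args));
    return 0;
}
```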
Executing shell scripts from within a C program under Linux