UNIX Environment Programming Learning Notes (22) -- Process Management: Executing a Command String with the system Function


Lienhua34
2014-10-15

ISO C defines the system function for executing a command string from within a program. Its declaration is as follows:

#include <stdlib.h>

int system (const char *cmdstring);

The system function calls fork, exec, and waitpid in its implementation. It calls fork to create a child process, which then runs '/bin/sh -c cmdstring' to execute the command string cmdstring; system returns to the calling process when the command finishes executing. While system is running, the SIGCHLD signal is blocked and the SIGINT and SIGQUIT signals are ignored.

The return value of system is somewhat complicated and depends on the case:

1. If cmdstring is a null pointer, a nonzero value is returned only if a command processor is available. This feature can be used to determine whether an operating system supports the system function. UNIX systems always support the system function.

2. If fork fails or waitpid returns an error other than EINTR, system returns -1 and the error type is set in errno.

3. If exec fails (indicating that the shell cannot be executed), the return value is as if the shell had executed exit(127).

4. If all three functions (fork, exec, and waitpid) succeed, the return value of system is the termination status of the shell after it executes the command string cmdstring.

From the description of the return value above, we find that when the command-line argument cmdstring is not a null pointer, we can determine whether the system function succeeds by judging whether the return value is. In other cases, we can treat the return value of system as a process termination status, as explained in the note "Get the wait and waitpid functions for process termination state". Let's look at an example:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/wait.h>

extern void print_exit(int status);

int main(void)
{
    int status;

    /* A command that exists and succeeds. */
    if ((status = system("date")) < 0) {
        printf("system() error: %s\n", strerror(errno));
        exit(-1);
    }
    print_exit(status);

    /* A command the shell cannot find: the shell itself exits with 127. */
    if ((status = system("nosuchcommand")) < 0) {
        printf("system() error: %s\n", strerror(errno));
        exit(-1);
    }
    print_exit(status);

    /* Two shell commands in one command string. */
    if ((status = system("who; exit")) < 0) {
        printf("system() error: %s\n", strerror(errno));
        exit(-1);
    }
    print_exit(status);

    exit(0);
}

/* Decode a termination status with the wait macros and print it. */
void print_exit(int status)
{
    if (WIFEXITED(status)) {
        printf("normal termination, exit status = %d\n", WEXITSTATUS(status));
    } else if (WIFSIGNALED(status)) {
        printf("abnormal termination, signal number = %d\n", WTERMSIG(status));
    }
}

As the program above shows, we can handle the return value of system as a process termination status. Compile the program into the executable file systemdemo and run it:

lienhua34:demo$ gcc -o systemdemo systemdemo.c
lienhua34:demo$ ./systemdemo
2014 Wednesday, October 15 ... CST
normal termination, exit status = 0
sh: 1: nosuchcommand: not found
normal termination, exit status = 127
lienhua34 tty7     ...
lienhua34 pts/0    ... (:0.0)
lienhua34 pts/3    ... (:0.0)
normal termination, exit status = ...
lienhua34:demo$

The advantage of creating a process with system rather than with fork and exec directly is that system does all the necessary error handling and signal handling. However, the system function has an Achilles heel: calling it from a set-user-ID program creates a security hole. Let's look at an example below.


The following program uses the system function to execute its first command-line argument. Compile the program into an executable file, tsys.

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

int main(int argc, char *argv[])
{
    int status;

    if (argc < 2) {
        printf("command-line argument required.\n");
        exit(-1);
    }

    /* argv[1] is handed to /bin/sh -c unchanged. */
    if ((status = system(argv[1])) < 0) {
        printf("system error: %s\n", strerror(errno));
        exit(-1);
    }

    exit(0);
}

The following program prints the real user ID and effective user ID of the process. Compile it into an executable file, printuids.

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>

int main(void)
{
    /* Print the real and effective user IDs of this process. */
    printf("real uid=%d, effective uid=%d\n", (int)getuid(), (int)geteuid());
    exit(0);
}

Using these two executables, we perform the following actions:

lienhua34:demo$ ./tsys ./printuids
real uid=..., effective uid=...
lienhua34:demo$ su
# chown root tsys
# chmod u+s tsys
# ls -l tsys
-rwsrwxr-x 1 root lienhua34 7358 October ... tsys
# exit
exit
lienhua34:demo$ ./tsys ./printuids
real uid=..., effective uid=0

In the session above, we set the owner of the tsys file to the superuser root and turned on its set-user-ID bit. Thus, when tsys is executed, the process has an effective user ID of 0 (that is, root). The child process that system creates to execute printuids inherits this effective user ID, so the child runs with superuser privileges and can execute any command, potentially causing fatal damage. This is the security hole of the system function.

If a process runs with special permissions (set-user-ID or set-group-ID) and it wants to spawn another process to execute another program, it should use fork and exec directly, and revert to normal permissions after the fork and exec. A set-user-ID or set-group-ID program should never call the system function.
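The recommendation above, as an added example that is not part of the original note: a replacement for the system call in tsys that forks, gives up the set-user-ID and set-group-ID privileges in the child, and then calls exec without a shell. The name run_unprivileged and the exit code 126 for a failed privilege drop are assumptions of this example, and the signal handling that system performs is left out.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the original note): run path with argv in
 * a child that has given up any set-user-ID/set-group-ID privileges.
 * Returns the wait status like system(), or -1 with errno set. */
int run_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;                       /* fork failed */
    if (pid == 0) {                      /* child */
        /* Drop the group ID first: once the user ID is dropped we may
         * no longer be allowed to change the group ID. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* Refuse to continue if any elevated ID survived. */
        if (geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        execv(path, argv);               /* no shell, no PATH search */
        _exit(127);                      /* same convention as system() */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;                   /* waitpid failed */
    }
    return status;
}

int main(int argc, char *argv[])
{
    int status;

    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/program [args...]\n", argv[0]);
        return 2;
    }
    if ((status = run_unprivileged(argv[1], &argv[1])) < 0) {
        perror("run_unprivileged");
        return 1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Built in place of tsys with the same owner and set-user-ID bit, this program would run printuids with the effective user ID equal to the real user ID of the invoking user.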

(done)
