patch 2
함수
취약점
command injection
배경지식
system()
andexecve()
work in different ways.system()
will always invoke the shell and this shell will execute the command as a separate process (this is why you can use wildcards and other shell facilities in the command line when usingsystem()
).
execve()
(and the other functions in theexec()
family) replaces the current process with the one being spawned directly (theexecve()
function doesn't return, except in case of failure). In factsystem()
implementation is supposed to use a sequence offork()
,execve()
andwait()
calls to perform its function.
patch
REDACTED! NOTHING TO SEE!