From the course: Secure Coding in C
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Using the system() call - C Tutorial
From the course: Secure Coding in C
Using the system() call
- [Instructor] The system() function allows direct access to the operating system. This level of control means you must be cautious with the commands sent. In this example, the command sent is static text shown at line 10. Providing the command is specified as safe and contains no potential for unintended consequences, this code is fine. And here's the Windows version of the same code, which also sends a static text string to the system() function. This code however represents a problem. The command's sent to the system just as if it was typed at the command prompt is supplied by the user. Input is gathered at line nine. The input function, the fgets function, would then be validated which isn't in this code, but unless it's parsed or filtered, it's whisked off to the operating system at line 11. The user could type any deleterious command and the computer dutifully obeys. Now you have several ways to address this…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
Formatting preprocessor directives1m 23s
-
(Locked)
Using an assignment as a condition1m 31s
-
(Locked)
Avoiding putchar() in a while loop1m 35s
-
(Locked)
Using the system() call1m 58s
-
(Locked)
Accessing elements beyond the array size2m 2s
-
(Locked)
Converting integers2m 26s
-
(Locked)
Looping with floating point values1m 39s
-
(Locked)
Using return values1m 58s
-
(Locked)
Confirming when EOF has been read2m 31s
-
(Locked)
Challenge: Fix the code1m 12s
-
(Locked)
Solution: Fix the code2m 12s
-
-
-
-
-