[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "random" number seeds vs. Netscape




Patrick Horgan writes:
> Perry said:
> > 
> > Also be especially careful about how you run the thing! Don't use
> > popen or anything like it!
> 
> There's nothing inherently wrong with using popen or system.

Nor is there anything inherently wrong with having sex without the use
of a condom.

However, it is very difficult -- VERY DIFFICULT -- to prove to
yourself that there is never an instance in which your system() or
popen() can be abused. In any case, I find its often more prudent just
to strip all these things out of my code. If you don't use them, you
don't have to prove they are done properly. Paranoia is your
friend. No one can ever break you for doing something you don't do.

> The problem arises when you use information given to you from
> outside as the argument to popen or system without checking it.

Yup, but often, you'd be suprised what turns out to be outside data.

In any case, you obviously also understand why this is bad, but I hope
that people out there understan -- always make sure that you are
double extra careful about the use of such calls.

Perry