Mail Archives: cygwin/2011/12/01/19:12:52

Message-ID: <4ED817DE.5030003@redhat.com>
Date: Thu, 01 Dec 2011 17:12:14 -0700
From: Eric Blake <eblake AT redhat DOT com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111115 Thunderbird/8.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com, pnbrown AT llnl DOT gov
Subject: Re: system mkdir
References: <CAKfLWNo3MTYWNZj0G-giFSe8PkBsP+0P1J+C9u-nrvo0JfrZnw AT mail DOT gmail DOT com> <CAKfLWNqbU2SAYByjgaXLvLxZFQnNvHfWG+7ww_ORWpdBWpKy4Q AT mail DOT gmail DOT com> <20111128203357 DOT GB8758 AT ednor DOT casa DOT cgf DOT cx> <4ED3F409 DOT 5020309 AT redhat DOT com> <loom DOT 20111202T003035-848 AT post DOT gmane DOT org>
In-Reply-To: <loom.20111202T003035-848@post.gmane.org>
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg

On 12/01/2011 04:32 PM, Peter Brown wrote:
>>> Yes.  Use the mkdir() function.  That is, in fact, very similar to how it
>>> should be done in Visual Studio too.

I still say using mkdir() is the right solution - use a simple function,
rather than a call to system().

> This seems to work for me.
>
> int MySystem(char *s)
> {
>   int answer;
>   char syscmd[2048];
>   sprintf(syscmd,"cmd /c bash -c 'umask 0077;%s'",s);
>   answer = system( syscmd );
>   return answer;

Ouch. A thousand times NOOOOO. DON'T DO THAT.  You just made a HUGE
security hole.  All I have to do is call:

MySystem("rm -rf /");

and I've nuked your system.  Or, I could call MySystem(<string longer
than 2048 bytes>) and stack overflow you.  Or any other number of flaws.

And even if those weren't issues, you ruined my quoting.  I should be
able to do system("echo 'a  b'") and get "a  b" on stdout, but the way
you butchered quoting, my single quotes terminate the argument to cmd,
and completely hose things.

You DON'T want to use system() unless absolutely necessary, and then
only with proper quoting.  And you don't want to use sprintf on
arbitrary input; stick to snprintf, or to asprintf.  And seriously -
calling cmd /c just to call bash just to call commands that will be
interpreted by bash, when you could have just used commands interpreted
by bash to begin with?  If system() isn't calling cygwin's /bin/sh, then
you aren't using cygwin properly.  Don't make it worse by wrapping
system() to go through another two layers of quoting nightmares.

-- 
Eric Blake   eblake AT redhat DOT com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
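
The mkdir() route recommended in the message above, as an added example that is not part of the original thread: it creates an owner-only directory with no shell involved and uses snprintf with a truncation check. The helper names `make_private_dir` and `demo_mode` and the `/tmp` scratch path are assumptions made for illustration; a POSIX system with a writable `/tmp` is assumed.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create parent/name for the owner only.
 * Returns 0 on success, -1 with errno set. */
int make_private_dir(const char *parent, const char *name)
{
    char path[1024];
    int n = snprintf(path, sizeof path, "%s/%s", parent, name);
    /* snprintf returns the length it needed, so truncation is detectable. */
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Mode 0700 gives the owner-only result the quoted wrapper got from
     * "umask 0077". An existing path fails with EEXIST, it is not reused. */
    return mkdir(path, 0700);
}

/* Hypothetical demo: make a scratch parent, create `name` inside it,
 * return the new directory's permission bits (or -1), then clean up.
 * Quotes, spaces and ';' in `name` are plain bytes of a file name here. */
int demo_mode(const char *name)
{
    char base[] = "/tmp/mkdir_demo_XXXXXX";   /* constructed scratch location */
    char path[1100];
    struct stat st;
    int mode = -1;

    if (mkdtemp(base) == NULL)
        return -1;
    if (make_private_dir(base, name) == 0) {
        snprintf(path, sizeof path, "%s/%s", base, name);
        if (stat(path, &st) == 0)
            mode = st.st_mode & 0777;
        rmdir(path);
    }
    rmdir(base);
    return mode;
}

int main(void)
{
    printf("mode = %o\n", (unsigned)demo_mode("a  b'; echo x"));
    return 0;
}
```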

