system() avoidance: Replace system() of simple commands with `PRO…

…C_CMD()` - Use hardcoded path for system executables for security - Use `/bin/sh` for executing shell scripts (use `#!/usr/bin/env bash` in scripts to make them executed by `bash` instead)
ccns · Oct 5, 2020 · 526cd16 · 526cd16
1 parent 2e9c2df
commit 526cd16
Show file tree

Hide file tree

Showing 11 changed files with 66 additions and 73 deletions.
diff --git a/include/dao.h b/include/dao.h
@@ -177,6 +177,7 @@ int xwrite(int fd, const char *data, int size);
 #endif
 
 /* `proc_runl` without the need of `arg0` and trailing `NULL` */
+/* Use `PROC_CMD(path, NULL)` when no other arguments are needed */
 #define PROC_CMD(path, ...) proc_runl(path, path, __VA_ARGS__, NULL)
 
 #endif  /* DAO_H */
diff --git a/maple/acct.c b/maple/acct.c
@@ -2312,15 +2312,12 @@ void brd_edit(int bno)
             /* 以免造成*bname為NULL時，會砍到 gem/brd and brd。 statue.000728 */
             if (*bname)
             {
-                char cmd[256];
                 sprintf(buf, "gem/brd/%s", bname);
                 //f_rm(buf);
                 //f_rm(buf + 4);
                 /* 100721.cache: f_rm is buggy... */
-                sprintf(cmd, "rm -rf %s", buf);
-                system(cmd);
-                sprintf(cmd, "rm -rf %s", buf + 4);
-                system(cmd);
+                PROC_CMD("/bin/rm", "-rf", buf);
+                PROC_CMD("/bin/rm", "-rf", buf + 4);
                 memset(&newbh, 0, sizeof(newbh));
                 sprintf(newbh.title, "[%s] deleted by %s", bname,
                         cuser.userid);
@@ -2858,8 +2855,8 @@ int m_register(void)
                     ("\n\n\x1b[1;33m請確定沒有其他站務在審核，否則將造成\x1b[1;31;5m使用者資料嚴重錯誤!\x1b[m\n\n\n");
                 if (vans("確定無其他站務審核中？") == 'y')
                 {
-                    system("/bin/cat run/" FN_RFORM ".tmp >> run/" FN_RFORM
-                           ";/bin/rm -f " BBSHOME "/run/" FN_RFORM ".tmp");
+                    system("/bin/cat run/" FN_RFORM ".tmp >> run/" FN_RFORM);
+                    PROC_CMD("/bin/rm", "-f", BBS_HOME "/run/" FN_RFORM ".tmp");
                     vmsg("修正完畢，下次請小心審核! 按任意鍵重新開始.");
                 }
             }
@@ -2973,7 +2970,7 @@ int m_trace(void)
         case '1':
             if (otflag)
             {
-                system("/bin/touch trace");
+                PROC_CMD("/bin/touch", "trace");
                 msg = "BBS   tracing enabled.";
                 report("opened report log");
             }
@@ -2988,7 +2985,7 @@ int m_trace(void)
         case '2':
             if (ctflag)
             {
-                system("/bin/touch trace.chatd");
+                PROC_CMD("/bin/touch", "trace.chatd");
                 msg = "Chat  tracing enabled.";
                 report("chatd trace log opened");
             }
@@ -3003,7 +3000,7 @@ int m_trace(void)
         case '3':
             if (btflag)
             {
-                system("/bin/touch trace.bvote");
+                PROC_CMD("/bin/touch", "trace.bvote");
                 msg = "BVote tracing enabled.";
                 report("BVote trace log opened");
             }

diff --git a/maple/mail.c b/maple/mail.c
@@ -1289,7 +1289,7 @@ int
 m_setmboxdir(void)
 {
 
-    char upath[128], fpath1[128], fpath2[128], id[5];
+    char upath[128], fpath1[128], id[5];
 
     pmsg2("警告：本功\能只能在信箱已毀損時使用");
     pmsg2("警告：重建索引並不能保證信箱的完整");
@@ -1304,10 +1304,8 @@ m_setmboxdir(void)
 
         sprintf(fpath1, BBSHOME "/usr/%s/%s", id, cuser.userid);
 
-        sprintf(fpath2, BBSHOME "/" BINARY_SUFFIX "redir");
-
         chdir(fpath1);
-        system(fpath2);
+        PROC_CMD(BBSHOME "/" BINARY_SUFFIX "redir", NULL);
         f_mv(".DIR.@", FN_DIR);
         chdir(BBSHOME);
 

diff --git a/so/adminutil.c b/so/adminutil.c
@@ -660,7 +660,7 @@ update_spammer_acl(void)
 {
     if (access(FN_ETC_SPAMMER_ACL".new", 0))
     {
-        system(BINARY_SUFFIX"clean_acl " FN_ETC_SPAMMER_ACL " " FN_ETC_SPAMMER_ACL".new");
+        PROC_CMD(BINARY_SUFFIX"clean_acl", FN_ETC_SPAMMER_ACL, FN_ETC_SPAMMER_ACL".new");
         rename(FN_ETC_SPAMMER_ACL".new", FN_ETC_SPAMMER_ACL);
     }
     else
@@ -672,7 +672,7 @@ update_untrust_acl(void)
 {
     if (access(FN_ETC_UNTRUST_ACL".new", 0))
     {
-        system(BINARY_SUFFIX"clean_acl " FN_ETC_UNTRUST_ACL " " FN_ETC_UNTRUST_ACL ".new");
+        PROC_CMD(BINARY_SUFFIX"clean_acl", FN_ETC_UNTRUST_ACL, FN_ETC_UNTRUST_ACL".new");
         rename(FN_ETC_UNTRUST_ACL".new", FN_ETC_UNTRUST_ACL);
     }
     else
@@ -879,11 +879,11 @@ const void *arg)
     switch (select)
     {
     case 1:
-        system(BINARY_SUFFIX"camera");
+        PROC_CMD(BINARY_SUFFIX"camera", NULL);
         logitfile(FN_RESET_LOG, "< 動態看板 >", NULL);
         break;
     case 2:
-        system(BINARY_SUFFIX"acpro");
+        PROC_CMD(BINARY_SUFFIX"acpro", NULL);
         board_main();
         logitfile(FN_RESET_LOG, "< 分類看板 >", NULL);
         break;
@@ -898,17 +898,17 @@ const void *arg)
         logitfile(FN_RESET_LOG, "< 異常程序 >", NULL);
         break;
     case 5:
-        system(BINARY_SUFFIX"makefw");
+        PROC_CMD(BINARY_SUFFIX"makefw", NULL);
         logitfile(FN_RESET_LOG, "< 擋信列表 >", NULL);
         break;
     case 6:
         system("kill -9 `ps -auxwww | grep xchatd | awk '{print $2}'`");
         logitfile(FN_RESET_LOG, "< 主聊天室 >", NULL);
         break;
     case 7:
-        system(BINARY_SUFFIX"camera; "
-               BINARY_SUFFIX"acpro; "
-               "kill -9 `ps -auxwww | grep innbbsd | awk '{print $2}'`; "
+        PROC_CMD(BINARY_SUFFIX"camera", NULL);
+        PROC_CMD(BINARY_SUFFIX"acpro", NULL);
+        system("kill -9 `ps -auxwww | grep innbbsd | awk '{print $2}'`; "
                "kill -9 `ps -auxwww | grep bbslink | awk '{print $2}'`; "
                "kill -9 `ps -auxwww | grep bbsnnrp | awk '{print $2}'`; "
                "kill -9 `ps -auxwww | grep xchatd  | awk '{print $2}'`");

diff --git a/so/pip.c b/so/pip.c
@@ -1622,8 +1622,8 @@ pip_write_backup(void)
     clrtobot();
     sprintf(buf1, "儲存 [%s] 檔案完成了", files[num - 1]);
     vmsg(buf1);
-    sprintf(buf, "/bin/cp %s %s.bak%d", get_path(cuser.userid, "chicken"), get_path(cuser.userid, "chicken"), num);
-    system(buf);
+    sprintf(buf, "%s%d", get_path(cuser.userid, "chicken.bak"), num);
+    PROC_CMD("/bin/cp", get_path(cuser.userid, "chicken"), buf);
     return 0;
 }
 
@@ -1686,10 +1686,9 @@ pip_read_backup(void)
     sprintf(buf, "讀取 [%s] 檔案完成了", files[num - 1]);
     vmsg(buf);
 
-    sprintf(buf1, "/bin/touch %s%d", get_path(cuser.userid, "chicken.bak"), num);
-    sprintf(buf2, "/bin/cp %s.bak%d %s", get_path(cuser.userid, "chicken"), num, get_path(cuser.userid, "chicken"));
-    system(buf1);
-    system(buf2);
+    sprintf(buf1, "%s%d", get_path(cuser.userid, "chicken.bak"), num);
+    PROC_CMD("/bin/touch", buf1);
+    PROC_CMD("/bin/cp", buf1, get_path(cuser.userid, "chicken"));
     pip_read_file(&d, cuser.userid);
     return 0;
 }
@@ -5097,8 +5096,7 @@ pip_ending_screen(void)
     endgrade = pip_game_over(endgrade);
     /* inmoney(endgrade*10*ba);
       inexp(endgrade*ba);*/
-    sprintf(buf, "/bin/rm %s", get_path(cuser.userid, "chicken"));
-    system(buf);
+    PROC_CMD("/bin/rm", get_path(cuser.userid, "chicken"));
     sprintf(buf, "得到 %d 元，%d 點經驗值", endgrade*10*ba, endgrade*10);
     vmsg(buf);
     vmsg("下一頁是小雞資料  趕快copy下來作紀念");

diff --git a/util/account.c b/util/account.c
@@ -443,10 +443,10 @@ gzip(
 {
     char buf[128];
 
-    sprintf(buf, "`which gzip` -n log/%s%s", target, stamp);
-    /* rename(source, &buf[13]); */
-    f_mv(source, &buf[17]); /* Thor.990409: 可跨 partition */
-    system(buf);
+    sprintf(buf, "log/%s%s", target, stamp);
+    /* rename(source, buf); */
+    f_mv(source, &buf[4]); /* Thor.990409: 可跨 partition */
+    PROC_CMD("/bin/gzip", "-n", buf);
 }
 
 
@@ -458,8 +458,8 @@ gtar(
 {
     char buf[128];
 
-    sprintf(buf, "`which tar` cfz log/%s%s.tgz %s", target, stamp, source);
-    system(buf);
+    sprintf(buf, "log/%s%s.tgz", target, stamp);
+    PROC_CMD("/bin/tar", "cfz", buf, source);
 
     if (prune)
     {
@@ -527,8 +527,7 @@ main(void)
 
     if (rename(run_file, tmp_file))
     {
-        sprintf(buf, "touch %s", tmp_file);
-        system(buf);
+        PROC_CMD("bin/touch", tmp_file);
     }
     if ((fp = fopen(tmp_file, "r")) == NULL)
         error(tmp_file);
@@ -653,11 +652,11 @@ main(void)
         /* 以下是目前沒有在使用的紀錄 */
 
 //        sprintf(title, "[記錄] %s使用次數統計", date);
-//        system(BINARY_SUFFIX"spss.sh");
+//        PROC_CMD("bin/sh", BINARY_SUFFIX"spss.sh");
 //        keeplog("run/spss.log", NULL, title, 2);
 
 //        sprintf(title, "[記錄] %s版面閱\讀次數統計", date);
-//        system(BINARY_SUFFIX"brd_usies.sh");
+//        PROC_CMD("bin/sh", BINARY_SUFFIX"brd_usies.sh");
 //        keeplog(FN_BRD_USIES".log", NULL, title, 2); /* 整理過後的 log */
 //        keeplog(FN_BRD_USIES, BRD_SECRET, title, 2); /* 未整理前的 log */
 //        gzip(FN_BRD_USIES, "brdusies/brdusies", ymd);   /* 未整理前的 log */
@@ -843,7 +842,7 @@ main(void)
         sprintf(date, "[%02d 月 %02d 日] ", ptime.tm_mon + 1, ptime.tm_mday);
 
         sprintf(title, "[記錄] %s使用者編號紀錄", date);
-        system(BINARY_SUFFIX"userno");
+        PROC_CMD(BINARY_SUFFIX"userno", NULL);
         keeplog(FN_USERNO_LOG, BRD_SECRET, title, 2);
         gzip(FN_USERNO_LOG, "userno/userno", ymd);        /* 所有 [使用者編號紀錄] 記錄 */
         gzip(FN_MAIL_LOG, "mail/mail", ymd);    /* 所有 [寄信] 記錄 */

diff --git a/util/backup.c b/util/backup.c
@@ -61,8 +61,8 @@ proceed(
         if (fname[0] > ' ' && fname[0] != '.')
         {
             //strcpy(str, fname);
-            sprintf(cmd, "tar zcf %s/usr/usr%02d%02d/%c/%s.tgz %s", bk_path, mon, mday, *fname, fname, fname);
-            system(cmd);
+            sprintf(cmd, "%s/usr/usr%02d%02d/%c/%s.tgz", bk_path, mon, mday, *fname, fname);
+            PROC_CMD("/bin/tar", "zcf", cmd, fname);
         }
     }
     closedir(dirp);
@@ -138,8 +138,8 @@ bk_brd(
             if ((day == 4 && ((ptr[0] >= '0' && ptr[0] <= '9') || (ptr[0] >= 'a' && ptr[0] <= 'k') || (ptr[0] >= 'A' && ptr[0] <= 'K'))) ||
                 (day == 5 && ((ptr[0] >= 'l' && ptr[0] <= 'z') || (ptr[0] >= 'L' && ptr[0] <= 'Z'))))
             {
-                sprintf(cmd, "tar zvcf %s/brd/brd%02d%02d/%s.tgz %s", bk_path, mon, mday, ptr, ptr);
-                system(cmd);
+                sprintf(cmd, "%s/brd/brd%02d%02d/%s.tgz", bk_path, mon, mday, ptr);
+                PROC_CMD("/bin/tar", "zvcf", cmd, ptr);
             }
             else
                 continue;
@@ -176,8 +176,8 @@ bk_gem(void)
 
         if (ptr[0] > ' ' && ptr[0] != '.')
         {
-            sprintf(cmd, "tar zcf %s/gem/gem%02d%02d/%s.tgz %s", bk_path, mon, mday, ptr, ptr);
-            system(cmd);
+            sprintf(cmd, "%s/gem/gem%02d%02d/%s.tgz", bk_path, mon, mday, ptr);
+            PROC_CMD("/bin/tar", "zcf", cmd, ptr);
         }
     }
     closedir(dirp);
@@ -206,31 +206,29 @@ bk_system_src(void)
 
     for (i=0; i < COUNTOF(system_folders); i++)
     {
-        sprintf(cmd, "tar zcf %s/%s.tgz %s", path, system_folders[i], system_folders[i]);
-        system(cmd);
+        sprintf(cmd, "%s/%s.tgz", path, system_folders[i]);
+        PROC_CMD("/bin/tar", "zcf", cmd, system_folders[i]);
     }
 
-    sprintf(cmd, "touch %s/gem.tar", path);
-    system(cmd);
-    sprintf(cmd, "tar rvf %s/gem.tar gem/.DIR", path);
-    system(cmd);
-    sprintf(cmd, "tar rvf %s/gem.tar gem/.GEM", path);
-    system(cmd);
+    sprintf(cmd, "%s/gem.tar", path);
+    PROC_CMD("/bin/touch", cmd);
+    PROC_CMD("/bin/tar", "rvf", cmd, "gem/.DIR");
+    PROC_CMD("/bin/tar", "rvf", cmd, "gem/.GEM");
     for (i = '0'; i <= '9'; i++)
     {
-        sprintf(cmd, "tar rvf %s/gem.tar gem/%c", path, i);
-        system(cmd);
+        char path_i[6];
+        sprintf(path_i, "gem/%c", i);
+        PROC_CMD("/bin/tar", "rvf", cmd, path_i);
     }
     for (i = 'A'; i <= 'V'; i++)
     {
-        sprintf(cmd, "tar rvf %s/gem.tar gem/%c", path, i);
-        system(cmd);
+        char path_i[6];
+        sprintf(path_i, "gem/%c", i);
+        PROC_CMD("/bin/tar", "rvf", cmd, path_i);
     }
-    sprintf(cmd, "tar rvf %s/gem.tar gem/@", path);
-    system(cmd);
+    PROC_CMD("/bin/tar", "rvf", cmd, "gem/@");
 
-    sprintf(cmd, "gzip -9 %s/gem.tar", path);
-    system(cmd);
+    PROC_CMD("/bin/gzip", "-9", cmd);
 
     log_backup("system backup complete");
 

diff --git a/util/brdcheck.c b/util/brdcheck.c
@@ -30,7 +30,7 @@ main(
     for (c = 'a'; c <= 'z'; c++)
     {
         char buf[64];
-        GCC_UNUSED char buf2[64];
+        GCC_UNUSED char buf2[64], buf3[64];
         struct dirent *de;
         DIR *dirp;
 
@@ -56,8 +56,9 @@ main(
             if ((fd = open(buf, O_RDONLY)) < 0)
             {
                 printf("brd/%s is missing, cp DIR.o\n", buf);
-                //sprintf(buf2, "cp %s/.DIR.o %s/.DIR", str, str);
-                //system(buf2);
+                //sprintf(buf2, "%s/.DIR.o", str);
+                //sprintf(buf3, "%s/.DIR", str);
+                //PROC_CMD("/bin/cp", buf2, buf3);
             }
             else
                 continue;

diff --git a/util/restorebrd.c b/util/restorebrd.c
@@ -14,8 +14,8 @@ reaper(
     const char *lowid)
 {
     char buf[256];
-    sprintf(buf, "tar zxvf /var/tape/brd/%s ", lowid);
-    system(buf);
+    sprintf(buf, "/var/tape/brd/%s", lowid);
+    PROC_CMD("/bin/tar", "zxvf", buf);
 }
 
 static void

diff --git a/util/restoregem.c b/util/restoregem.c
@@ -14,8 +14,8 @@ reaper(
     const char *lowid)
 {
     char buf[256];
-    sprintf(buf, "tar zxvf /var/tape/gem/%s ", lowid);
-    system(buf);
+    sprintf(buf, "/var/tape/gem/%s", lowid);
+    PROC_CMD("/bin/tar", "zxvf", buf);
 }
 
 static void

diff --git a/util/restoreusr.c b/util/restoreusr.c
@@ -14,9 +14,10 @@ reaper(
     const char *fpath,
     const char *lowid)
 {
-    char buf[256];
-    sprintf(buf, "tar zxvf /var/tape/usr/%c/%s -C \"" BBSHOME "/usr/%c\"", *lowid, lowid, *lowid);
-    system(buf);
+    char buf[256], buf1[256];
+    sprintf(buf, "/var/tape/usr/%c/%s", *lowid, lowid);
+    sprintf(buf1, BBSHOME "/usr/%c", *lowid);
+    PROC_CMD("/bin/tar", "zxvf", buf, "-C", buf1);
 }
 
 static void