STANDARD(3) UNIX System V(local) STANDARD(3)
NAME
standard, safe - standardize conditions in preparation for exec
SYNOPSIS
standard()
safe()
DESCRIPTION
Standard alters a process's environment to make it relatively safe to do
execvp, system, popen, etc. It closes all descriptors except the
standard ones and supplies a standard set of environment variables that
ensure a standard interpretation of shell commands and a standard search
path for programs.
Safe is similar, but is intended for use in shell escapes and suchlike.
It leaves the environment variables untouched but turns off setuid and
setgid permissions.
Use of either one permits a setuid/setgid program to run other programs
without inadvertently bestowing special powers on nonstandard programs.
Care must still be exercised as to what the standard descriptors refer
to, and it is still possible for programs executed after use of standard
(as opposed to safe) to give away special powers through their
carelessness.
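The two routines as described above, sketched in C as an added example; this is not the original library source. The names example_standard and example_safe, the environment values, the 65536 descriptor scan cap, and the reading that safe also closes descriptors are assumptions, since the page specifies none of them.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
extern char **environ;

/* Assumed values: the page does not list the variables standard() sets. */
static char *std_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", "SHELL=/bin/sh", NULL };

/* Close every descriptor above stderr; a plain loop stands in for closeall(3). */
static void close_extra_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;            /* assumed scan cap; keeps the loop bounded */
    for (int fd = 3; fd < max; fd++)
        close(fd);
}

/* standard(): known descriptors, known environment, privileges kept. */
void example_standard(void)
{
    close_extra_fds();
    environ = std_env;          /* every inherited variable is dropped */
}

/* safe(): environment untouched, set-id privileges given up.
   Returns 0 on success, -1 if the caller must not go on to exec. */
int example_safe(void)
{
    close_extra_fds();          /* assumed: "similar" includes this step */
    /* Group first: once the effective uid is dropped, setgid() may fail. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(void)
{
    int leaked = open("/dev/null", O_RDONLY);   /* constructed stray fd */
    setenv("IFS", "/", 1);                      /* constructed hostile value */
    example_standard();
    printf("fd %d open: %s, IFS reset: %s\n", leaked,
           fcntl(leaked, F_GETFD) == -1 ? "no" : "yes",
           strcmp(getenv("IFS"), " \t\n") == 0 ? "yes" : "no");
    return example_safe() == 0 ? 0 : 1;
}
```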
SEE ALSO
environ(3), closeall(3)
HISTORY
Local products.
BUGS
Standard must necessarily supply standard values for some environment
variables, but it is not clear whether it should pass other variables
through or eliminate them. The current implementation eliminates them,
which is safer but sometimes inconvenient.
One can construct elaborate scenarios in which a setuid program employing
safe could be duped into executing a user-supplied program in a current
directory the user ordinarily could not have reached.
Possibly one or both should standardize the umask setting.
10/89