Additionally, precautions should be taken to ensure the external executable cannot be modified by an untrusted user, for example, by ensuring the executable is not writable by the user. This compliant solution is significantly different from the preceding noncompliant code example. First, input is incorporated into the args array and passed as an argument to execve(), eliminating concerns about buffer overflow or string truncation while forming the command string. Second, this compliant solution forks a new process before executing /usr/bin/any_cmd in the child process. Although this method is more complicated than calling system(), the added security is worth the additional effort.
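The following sketch is an added example, not the code from the original page: it combines the fork-then-execve() pattern with a permission check on the executable. The names exe_not_writable() and run_checked() are hypothetical, /bin/sh stands in for /usr/bin/any_cmd, and the input string is constructed.

```c
#include <errno.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Precaution from the text: refuse a target that group or other users
 * could modify. Returns 1 if acceptable, 0 otherwise. The directories
 * leading to the file need the same protection. */
int exe_not_writable(const char *path) {
  struct stat st;
  if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) {
    return 0;
  }
  return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Fork, then execve() in the child with an explicit argument vector and
 * an empty environment, so no shell ever parses the arguments.
 * Returns the child's exit status, or -1 on any failure. */
int run_checked(const char *path, char *const args[]) {
  char *const envp[] = { NULL };
  int status;
  pid_t pid;

  if (!exe_not_writable(path) || (pid = fork()) == -1) {
    return -1;
  }
  if (pid == 0) {
    execve(path, args, envp);
    _exit(127); /* reached only if execve() failed */
  }
  while (waitpid(pid, &status, 0) == -1) {
    if (errno != EINTR) {
      return -1;
    }
  }
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
  /* Constructed input with a shell metacharacter; it reaches the child
   * as the single argument $1, so the comparison succeeds. */
  char *args[] = { "sh", "-c", "[ \"$1\" = \"a; exit 9\" ]",
                   "sh", "a; exit 9", NULL };
  return run_checked("/bin/sh", args);
}
```

The check and the execve() call are separate steps, so the permission test only helps when the file and its parent directories cannot be replaced in between.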