...
If, the system() command is implemented in a way that spawns a child process to run the editor, then the child process inherits the file descriptors opened by the parent process. As a result, the editor will be able to access the contents of Sensitive.txt.
Implementation Specific Details
On UNIX-based systems child processes are typically spawned using a form of fork() and exec(). Under Microsoft Windows, the CreateProcess() function is typically used. In Windows, file handle inheritance from a parent to a child process is determined on a per-file bases. As a result, the child process spawned by CreateProcess() may not have access to the open file handles of the parent process.
Compliant Solution
To correct this example, Sensitive.txt should be closed before launching the editor.
| Code Block | ||
|---|---|---|
| ||
ILE* f; char *editor; f = fopen("Sensitive.txt", "r"); if (fd == NULL) { /* Handle fopen() error */ } /* ... */ fclose(f); editor = getenv("EDITOR"); if (editor == NULL) { /* Handle getenv() error */ } |
Risk Assessment
Failing to properly close files may allow unintended access to, or exhaustion of, system resources.
...