...
This non-compliant code invokes the C99 system() function to execute the /bin/ls program. The C99 system() function passes a string to the command processor in the host environment to be executed.
| Code Block | ||
|---|---|---|
| ||
if (system("/bin/ls dir.`date +%Y%m%d`");) == -1) { /* handle error */ } |
Although IFS does not affect the command portion of this string, /bin/ls, it does determine how the argument is built after calling date. If the default shell does not ignore the incoming value of the IFS environment value, and an attacker sets IFS to ".", the intended directory will not be found.
...