Vyacheslav Pukhanov, 2013-12-04 13:07:10

GCC: blocking system() calls?

Hello.
There was a need to prohibit the compilation of programs that call system(). Can this be done with compiler options or config changes? Or should I just parse the source before compiling and look for calls there?
Thank you.


3 answer(s)
nekipelov, 2013-12-04
@vpukhanov

Why do you need it? The easiest way: -Dsystem or remove system from stdlib.h. Of course this is easy to do. But the parsing option is just as easy to manage (you can implement your own system or call the function by dynamically encoding the name in "\x73\x79\x73\x74\x65\x6d"). The only guaranteed way is to organize a sandbox.
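
The "parse the source before compiling" option from the question, as an added example that is not part of the thread: a token-level scan that skips comments and string literals and flags denylisted identifiers. The denylist and the sample C source are constructed assumptions; an encoded name like the one quoted above never appears as an identifier, so the scan flags the lookup call instead and remains a pre-filter in front of the sandbox, not a substitute for it.

```python
import re

# Assumed denylist: system() plus the other routes to the same result
# (process creation and run-time symbol lookup). Extend as needed.
DENY = {"system", "popen", "fork", "vfork", "posix_spawn", "execl", "execlp",
        "execle", "execv", "execvp", "execve", "dlopen", "dlsym"}

# Comments and literals are matched first so their contents are skipped.
TOKEN = re.compile(r"""
    (?P<comment> //[^\n]* | /\*.*?\*/ )
  | (?P<literal> "(?:\\.|[^"\\\n])*" | '(?:\\.|[^'\\\n])*' )
  | (?P<ident>   [A-Za-z_](?:\w|\\\n)* )   # tolerates backslash-newline splices
""", re.S | re.X)


def find_denied_calls(src):
    """Return [(line, name)] for every denylisted identifier used in C source."""
    hits = []
    for m in TOKEN.finditer(src):
        if m.lastgroup != "ident":
            continue                      # text inside comments/strings is ignored
        name = m.group().replace("\\\n", "")   # undo line splices: sys\<nl>tem
        if name in DENY:
            hits.append((src.count("\n", 0, m.start()) + 1, name))
    return hits


# Constructed sample submission (line 1 of the string is empty).
SAMPLE = r'''
#include <stdlib.h>
#include <dlfcn.h>
/* system("ls") in a comment is not a call */
int main(void) {
    const char *msg = "do not call system() here";
    system("id");
    int (*f)(const char *) = dlsym(RTLD_DEFAULT, "\x73\x79\x73\x74\x65\x6d");
    return f ? f("id") : 0;
}
'''

if __name__ == "__main__":
    for line, name in find_denied_calls(SAMPLE):
        print(f"line {line}: use of {name}() is not allowed")
```

A non-empty result is the signal to refuse compilation; an empty result says nothing about what the binary does at run time.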

Ilya Evseev, 2013-12-05
@IlyaEvseev

system() calls /bin/sh.
You can rename it to sh2, and make sh a wrapper that will check where it is called from.
If the parent is in PATH, call sh2.
Otherwise write to syslog and exit.
But this is a crutch, and it is not a fact that all other programs will like it.

dlinyj, 2013-12-04
@dlinyj

Write a macro that makes this system() an invalid function.
