[hatari-devel] Compiler warnings / system call

Eero Tamminen eerot at users.berlios.de
Sun Feb 28 19:45:31 CET 2010


Hi,

On Sunday 28 February 2010, Thomas Huth wrote:
> When compiling the current hg tip, I get these compiler warnings:
>
> /home/thomas/devel/hatari/master/src/debug/debugui.c: In function ‘DebugUI_Exec’:
> /home/thomas/devel/hatari/master/src/debug/debugui.c:392: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result
> /home/thomas/devel/hatari/master/src/debug/debugui.c: In function ‘DebugUI_ParseFile’:
> /home/thomas/devel/hatari/master/src/debug/debugui.c:956: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result
>
> Eero, could you please fix them?

Sure.


> Also I have to say that I dislike the use of the system() call in
> Hatari. First, I guess this call is quite specific to Unix-like
> platforms, so we might run into problems on platforms that do not
> feature a standard system shell and thus do not implement this call in
> their C library.

system() manual page says:
	CONFORMING TO
	       C89, C99, POSIX.1-2001.

I.e. it's standard.


> Second, this could introduce possible security issues. On some systems,
> Hatari might be installed as suid-root, so that it can for example
> access the framebuffer device directly. Offering a system() call here 
> means to offer a root shell!

Anything running as suid root should do whatever requires root privilege in
the beginning and drop root privileges immediately after that.  If somebody
makes Hatari suid root without doing that, that's plain stupid[1].  I'm
not sure it's even safe to run plain SDL itself as suid root...

[1] I've fixed several potential buffer overflows in Hatari during past half
    a year, I'm sure there are more.  Hatari's just too complex to be run
    as suid.

If one needs to access the framebuffer, it's better to set up the system so
that the framebuffer is accessible by whoever logs in locally, similarly to how
audio and some other devices are handled within the past decade.
Or it could be accessible by users who belong to a certain group.


Btw. I had my doubts about this feature too, but not from that point
of view.

The debugger is also accessible through the Hatari command socket, if the user
enables the socket (done automatically by Hatari UI), and through XBios 255 from
the emulation environment, if one enables that.  But the socket should be
accessible only by that user and --bios-intercept is not on by default.


> So I vote for removing this debugger command again
> - or is it really required badly?

Laurent asked for "ls" in Debugger.  System() was the only reasonable way to
implement that (implementing "ls" within Hatari would need too much code
for such a fringe feature).

"exec" may also be convenient if one wants to do everything within
the Hatari debugger instead of using both a separate terminal and Hatari
console window (think about users who open Hatari + debugger window from
a link on desktop).

But if you don't think these are important, I'm OK also with removing it.
Or maybe it should be a configuration option?


	- Eero


