Runtime.getRuntime().exec(String[]) security

I am using Runtime.getRuntime().exec(String[]) to start processes in which some elements of the String array are user-defined.

Is it safe? Or will it allow you to enter the code into the terminal?

If this is unsafe, what can I do to avoid code injection? (it must be platform independent)

+3
5 answers

As I mentioned in a comment on another answer (may also add my own answer), this should be safe if you control the first argument.

+3

This is generally unsafe, as shell scripts should be possible (which could be malicious).

, , ( , - ), .

+2

, . unix script , . , script , . ( ​​.)

+1

, -, . - exec. . , .

An example of a dangerous command is find. The user can add the -exec parameter as an argument to execute an arbitrary command.

+1
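
The two points made in the answers above (a fixed first argument, and option injection such as find's -exec) can be shown together. This is an added example, not code from any of the answers; the names SafeExec, operand and findArgv are hypothetical, and it assumes Java 9+ and a POSIX find on the PATH.

```java
import java.io.IOException;

public class SafeExec {
    // Reject user values that the target program could parse as an option.
    static String operand(String userValue) {
        if (userValue == null || userValue.isEmpty()
                || userValue.startsWith("-") || userValue.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("rejected argument: " + userValue);
        }
        return userValue;
    }

    // argv for: find <dir> -name <pattern>
    // The program name and the options are fixed; only two operands are user-defined.
    static String[] findArgv(String userDir, String userPattern) {
        return new String[] { "find", operand(userDir), "-name", operand(userPattern) };
    }

    static int run(String[] argv) throws IOException, InterruptedException {
        // exec(String[]) starts the program directly; no shell parses the elements.
        Process p = Runtime.getRuntime().exec(argv);
        // Sequential draining is enough for the small outputs of this demo.
        p.getInputStream().transferTo(System.out);
        p.getErrorStream().transferTo(System.err);
        return p.waitFor();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs.
        // Shell metacharacters reach find as one literal directory name,
        // so find reports a missing directory and nothing else runs.
        System.out.println("exit=" + run(findArgv(". ; echo injected", "*.txt")));

        // Option injection is a property of find itself, not of a shell,
        // so it has to be stopped by validation before the process starts.
        try {
            findArgv("-exec", "*.txt");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The leading-dash check is specific to programs that mark options with "-"; a program with a different option syntax needs its own validation rule.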