anthony-tuininga
commented
7 years ago Thanks, @jmcp. I've added the code to use posix_spawn(), as suggested. The Windows code was already using CreateProcess() so it should be fine as is.
Closed jmcp closed 7 years ago
anthony-tuininga
commented
7 years ago Thanks, @jmcp. I've added the code to use posix_spawn(), as suggested. The Windows code was already using CreateProcess() so it should be fine as is.
While examining the odpi source in preparation for creating an IPS packaged version, I came across the test suite's TestSuiteRunner.c file, which contains these lines:
This violates https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132, aka " ENV33-C. Do not call system()".
The posix_spawn() function (see http://pubs.opengroup.org/onlinepubs/009695399/functions/posix_spawn.html) is available on Linux, Mac osx, Solaris and other UNIX-like systems. For MS Windows, one of the functions noted at https://en.wikipedia.org/wiki/Spawn_(computing) would be preferable.