we've been hit a few times by unknown system() usage in tools (e.g. awk & sed). we should look at auditing existing usage and try updating image_test to reject new users (w/out explicit listing).
obviously this doesn't help with arbitrary execv() funcs. but I think use of execv() over system() implies a bit of stability/thought with the usage vs system() just being a "run this string and see what happens".
at least with CrOS platform code, we shouldn't be using system() anywhere. we have sane brillo::Process helpers and such instead.
once we have a test in place to kill new users, we can start filing bugs for our own projects to migrate away from system().
a quick check of the system doesn't show *too* many users.
# scanelf -qmRs-system -F'#s%F' / | sort
/bin/kmod
/lib64/libkmod.so.2.3.2
/lib64/libss.so.2.0
/opt/google/chrome/pepper/libpepflashplayer.so
/sbin/crash_reporter
/usr/bin/anomaly_collector
/usr/bin/captest
/usr/bin/cras
/usr/bin/cros_installer
/usr/bin/dc
/usr/bin/ldbedit
/usr/bin/memory_suspend_test
/usr/bin/net
/usr/bin/perf
/usr/bin/powerd
/usr/bin/sane-find-scanner
/usr/bin/shar
/usr/bin/smbclient
/usr/bin/sqlite3
/usr/bin/ssh
/usr/bin/tdbtool
/usr/bin/tput
/usr/bin/trace
/usr/bin/unshar
/usr/bin/uudecode
/usr/bin/uuencode
/usr/bin/watch
/usr/bin/zic
/usr/lib64/libasound.so.2.0.0
/usr/lib64/libdrivefs.so
/usr/lib64/libecryptfs.so.0.0.0
/usr/lib64/libsamba-util.so.0.0.1
/usr/lib64/libsane.so.1.0.27
/usr/lib64/libsmbconf.so.0
/usr/lib64/libulockmgr.so.1.0.1
/usr/lib64/sane/libsane-* # like all of them?
/usr/libexec/cups/backend/beh
/usr/libexec/ipsec/starter
/usr/sbin/cryptohomed
/usr/sbin/flashrom
/usr/sbin/mount-encrypted
/usr/sbin/vipw
/usr/sbin/vpd
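As an added example (not part of the bug report, and not Chrome OS's own image_test code): a small POSIX sh check in the spirit of the proposal above. It reuses the scanelf invocation from the report to list binaries that import system(), then fails when any of them is missing from an explicit allowlist, and separately reports allowlist entries that no longer need to be there. The allowlist format (one path per line, `#` comments) and all function names are assumptions of this example.

```shell
# Added example, not from the bug: an image_test-style check that fails when a
# binary in the image imports system() but is not on an explicit allowlist.
# The scanelf invocation is the one from the report; the allowlist file format
# (one path per line, '#' comments) is an assumption of this example.

# List every ELF under root $1 that imports system(), sorted for comm(1).
find_system_users() {
    scanelf -qmRs-system -F'#s%F' "$1" | sort -u
}

# Normalise an allowlist file ($1): drop comments, trailing space and blank
# lines, then sort so it can be fed to comm(1).
load_allowlist() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | sort -u
}

# Print paths present in the sorted found-list file ($1) but not in the
# allowlist file ($2).  Returns 1 when any such path exists, so a test
# harness treats a new, unlisted system() user as a failure.
new_system_users() {
    new=$(load_allowlist "$2" | comm -23 "$1" -)
    if [ -z "$new" ]; then
        return 0
    fi
    printf '%s\n' "$new"
    return 1
}

# Print allowlist entries ($2) that no longer import system() according to
# the found list ($1), so the allowlist can be pruned instead of only growing.
stale_allowlist_entries() {
    load_allowlist "$2" | comm -13 "$1" -
}

# Usage (assumes a built image root in $1 and an allowlist file in $2):
#   find_system_users /build/board/root > /tmp/found
#   new_system_users /tmp/found allowlist.txt || echo "FAIL: new system() users"
#   stale_allowlist_entries /tmp/found allowlist.txt
```

The comparison is done with comm(1) on two sorted lists rather than with grep, so a path in the allowlist can never match a longer unrelated path by substring, and the stale-entry report keeps the allowlist honest as projects migrate to brillo::Process.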
Comment 1 by kerrnel@chromium.org, Sep 17