Safe Penetration Testing Labs · intermediate · ~10 min
Rewrite system() patterns to use execvp.
You're given a toy program:
/* vulnerable: user_supplied is interpolated into a shell command line */
char cmd[256]; snprintf(cmd, sizeof cmd, "tar -czf /tmp/%s.tgz /data", user_supplied);
system(cmd);  /* runs "/bin/sh -c cmd", so any shell metacharacters in user_supplied are interpreted */
The fix isn't escaping. The fix is fork+execvp with "tar" as argv[0] and user_supplied as its own literal argv element, so the shell never sees it: system() hands the whole string to /bin/sh -c for parsing, whereas execvp passes argv straight to tar with no parsing step in between. Practice the rewrite on a few patterns.
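One way to carry out that rewrite, as an added example that is not part of the lab page: the archive step becomes fork + execvp + waitpid, and user_supplied travels as a single argv element. The function names (name_is_safe, build_archive_path, run_argv, archive_data) are this example's own. It also goes one step beyond the page's point by rejecting names that contain path separators, since execvp stops shell injection but does not by itself stop a name like "../x" from reaching tar as part of a path.

```c
/* Added example (not from the lab page): the system() call rewritten as
 * fork + execvp, with user_supplied passed as one argv element so no shell
 * ever parses it. Function names and the name check are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Reject names that could escape /tmp/ or carry path separators.
 * This is a separate concern from injection: execvp alone does not stop
 * "../etc/x" from reaching tar as a path component. */
int name_is_safe(const char *name)
{
    if (name == NULL || *name == '\0' || strlen(name) > 64)
        return 0;
    for (const char *p = name; *p; p++) {
        if (!((*p >= 'a' && *p <= 'z') || (*p >= 'A' && *p <= 'Z') ||
              (*p >= '0' && *p <= '9') || *p == '_' || *p == '-'))
            return 0;
    }
    return 1;
}

/* Build "/tmp/<name>.tgz" into out; returns 0 on success, -1 if it would truncate. */
int build_archive_path(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "/tmp/%s.tgz", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* fork + execvp + waitpid. Returns the child's exit status (0..255),
 * 127 if exec itself failed, or -1 on fork/wait error or death by signal.
 * argv[0] is the program name; every other element reaches it verbatim. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);   /* only returns on failure */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;
}

/* The rewritten archive step: the name is one argv element, never shell text.
 * Returns -2 if the name is rejected, otherwise tar's exit status. */
int archive_data(const char *user_supplied)
{
    char out[256];
    if (!name_is_safe(user_supplied))
        return -2;
    if (build_archive_path(out, sizeof out, user_supplied) != 0)
        return -2;
    char *const tar_argv[] = { "tar", "-czf", out, "/data", NULL };
    return run_argv(tar_argv);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s NAME\n", argv[0]);
        return 2;
    }
    int rc = archive_data(argv[1]);
    if (rc == -2) {
        fprintf(stderr, "rejected name: %s\n", argv[1]);
        return 2;
    }
    printf("tar exited with %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The design point to notice is that run_argv is generic: every other system() pattern in the exercise reduces to building an argv array and calling it, so there is exactly one place that spawns processes and no place that builds a command string. Usage: ./archive backup-2024.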