diff --git a/chapter9/guard_log.c b/chapter9/guard_log.c
new file mode 100644
index 0000000..eba3e0b
--- /dev/null
+++ b/chapter9/guard_log.c
@@ -0,0 +1,19 @@
+/* this have code injection security problem, such you input: ' && ls / && echo ' */
+#include
+#include
+#include
+
+char * now(){
+ time_t t;
+ time(&t);
+ return asctime(localtime(&t));
+}
+
+int main(){
+ char comment[80];
+ char cmd[120];
+ fgets(comment, 80, stdin);
+ sprintf(cmd, "echo '%s %s' >> reports.log", comment, now());
+ system(cmd);
+ return 0;
+}
diff --git a/chapter9/newshound.c b/chapter9/newshound.c
new file mode 100644
index 0000000..c2552bb
--- /dev/null
+++ b/chapter9/newshound.c
@@ -0,0 +1,33 @@
+#include
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ char *feeds[] = {"http://www.cnn.com/rss/celebs.xml",
+ "http://www.rolling.stone.com/rock.xml",
+ "http://eonline.com/gossip.xml"
+ };
+
+ int times = 3;
+ char *phrase = argv[1];
+ int i;
+ for (i = 0; i < times; i++){
+ char var[255];
+ sprintf(var, "RSS_FEED=%s", feeds[i]);
+ //char *vars = {var, NULL};
+ char *vars = {var};
+ pid_t pid = fork();
+ if(pid == -1){
+ fprintf(stderr,"can't fork process: %s\n", strerror(errno));
+ return 1;
+ }
+ if(!pid) {
+ if(execle("/usr/bin/python", "/usr/bin/python", "./rssgossip.py", phrase, NULL, vars) == -1)
+ fprintf(stderr,"can't run script: %s\n", strerror(errno));
+ return 1;
+ }
+ }
+ return 0;
+}
diff --git a/chapter9/system_test.c b/chapter9/system_test.c
new file mode 100644
index 0000000..4ec9d42
--- /dev/null
+++ b/chapter9/system_test.c
@@ -0,0 +1,5 @@
+#include
+int
+main() {
+ system("ls -l");
+}
diff --git a/dev-tools b/dev-tools
new file mode 100644
index 0000000..8148e14
--- /dev/null
+++ b/dev-tools
@@ -0,0 +1,3 @@
+gdb 调试器
+gprof 性能分析
+gcov 性能分析
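Review bot: In chapter9/guard_log.c the `sprintf` into `cmd[120]` in `main` can write past the buffer: 79 bytes of `comment`, the 25-character `asctime()` string and 23 bytes of fixed text need up to 128 bytes with the terminator. The injection that the file's header comment describes is also still live, because the stdin line is pasted into a string handed to `system()`, and the `fgets` result is not checked, so `comment` is read uninitialised at end of input. Appending to `reports.log` with `fopen`/`fprintf` removes the shell, the fixed-size command buffer and the quoting problem in one step, and the output keeps the same layout.

```c
int main(){
    char comment[80];
    if (fgets(comment, sizeof comment, stdin) == NULL)
        return 1;
    FILE *log = fopen("reports.log", "a");
    if (log == NULL)
        return 1;
    /* comment keeps its newline and asctime() ends with one, as before */
    fprintf(log, "%s %s", comment, now());
    return fclose(log) == 0 ? 0 : 1;
}
```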
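Review bot: In chapter9/newshound.c the environment passed to `execle` is not a NULL-terminated array: `char *vars = {var};` declares a single `char *`, so `execle` reads the bytes of the `RSS_FEED=...` string as if they were a pointer list, which is undefined behaviour. It should be `char *vars[] = {var, NULL};`; the commented-out line above it has the right initialiser but the same missing `[]`. `phrase` is also taken from `argv[1]` without checking `argc`, so running the program with no argument passes a NULL that ends the `execle` argument list early; a guard such as `if (argc < 2) { fprintf(stderr, "usage: %s phrase\n", argv[0]); return 1; }` before the loop avoids that.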