the importance of using safe interprocess communication

Ben Escoto
Sun, 10 Feb 2002 01:26:21 -0800

>>>>> "JH" == Jamie Heilman <>
>>>>> wrote the following on Fri, 8 Feb 2002 03:46:01 -0800

  JH> I don't think it is as long as /bin/sh -c behaves how you expect
  JH> it to, your environment is what you think it is, etc.  Using a
  JH> Popen3 class would let you capture the errors from the system
  JH> call, something which should always be done, *especially* when
  JH> the program runs with elevated privileges.  Granted it might be
  JH> slower assuming popen() doesn't fork, and your shell is 'smart'
  JH> enough to just exec without forking, but honestly /bin/sh -c
  JH> being offered variable arguments, untainted or not, just gives
  JH> me a bad feeling; I'd rather just use something that I know
  JH> doesn't ever muck with my command.

I know what you mean, but I'm hesitant to use any undocumented
features of Python.  Would your mind be any more at ease if we put the
parameters into the environment, as in:

os.environ['foo'] = filename
os.popen('rdiff signature $foo')?

That is the way shell script writers often do it, I think.

    About your earlier example, it contains the lines:

for i in range(3, MAXFD):

What does this do and why?  Thanks.

Ben Escoto
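
Added example, not part of the original message or of the project's code: the ways of handing a filename to a child process discussed in this thread, run side by side on a POSIX system. A small Python child that prints its argv stands in for rdiff; the function names and the sample filename are constructed for illustration.

```python
import json
import os
import shlex
import subprocess
import sys

# Stand-in for "rdiff signature": a child that prints the argv it received.
CHILD = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
CHILD_SH = " ".join(shlex.quote(part) for part in CHILD)

# Constructed sample: a legal filename containing shell metacharacters.
SAMPLE = "my file; echo INJECTED"


def report(cmd, shell, env=None):
    """Run cmd and return its stdout lines, decoding the child's argv reports."""
    out = subprocess.run(cmd, shell=shell, env=env, check=True,
                         capture_output=True, text=True).stdout
    return [json.loads(l) if l.startswith("[") else l for l in out.splitlines()]


def via_interpolation(filename):
    # Filename pasted into the /bin/sh -c string: the shell parses it as code.
    return report(CHILD_SH + " signature " + filename, shell=True)


def via_env_unquoted(filename):
    # The form from the message: the value is data, but $foo is still word-split
    # (and glob-expanded) by the shell.
    return report(CHILD_SH + " signature $foo", shell=True,
                  env=dict(os.environ, foo=filename))


def via_env_quoted(filename):
    # Same, with "$foo" quoted: one argument, no splitting.
    return report(CHILD_SH + ' signature "$foo"', shell=True,
                  env=dict(os.environ, foo=filename))


def via_argv(filename):
    # No shell at all: the list is handed to exec unchanged.
    return report(CHILD + ["signature", filename], shell=False)


if __name__ == "__main__":
    for fn in (via_interpolation, via_env_unquoted, via_env_quoted, via_argv):
        print(f"{fn.__name__:18} {fn(SAMPLE)}")
```

Only the quoted environment form and the shell-free argv form deliver the filename to the child as a single, unmodified argument.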
