the importance of using safe interprocess communication
Sun, 10 Feb 2002 01:26:21 -0800
Content-Type: text/plain; charset=us-ascii
>>>>> "JH" == Jamie Heilman <email@example.com>
>>>>> wrote the following on Fri, 8 Feb 2002 03:46:01 -0800
JH> I don't think it is as long as /bin/sh -c behaves how you expect
JH> it to, your environment is what you think it is, etc. Using a
JH> Popen3 class would let you capture the errors from the system
JH> call, something which should always be done, *especially* when
JH> the program runs with elevated privileges. Granted it might be
JH> slower assuming popen() doesn't fork, and your shell is 'smart'
JH> enough to just exec without forking, but honestly /bin/sh -c
JH> being offered variable arguments, untainted or not, just gives
JH> me a bad feeling; I'd rather just use something that I know
JH> doesn't ever muck with my command.
I know what you mean, but I'm hesitant to use any undocumented
features of python. Would your mind be any more at ease if we put the
parameters into the environment, as in:
os.environ['foo'] = filename
os.popen('rdiff signature $foo')?
That is the way shell script writers often do it I think.
About your earlier example, it contains the lines:
for i in range(3, MAXFD):
What does this do and why? Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001
-----END PGP SIGNATURE-----