question about the safety of os.popen()

Donn Cave donn at u.washington.edu
Fri Sep 10 14:21:30 EDT 1999


Quoth pj at sgi.com (Paul Jackson):
[in reply to Brian Raynes]
| |> mail = os.popen("/usr/sbin/sendmail -t", "w")
| |> 
| |> I believe that this method of using os.popen() is relatively
| |> safe since it does not pass any user input directly to the
|
| This is not safe, if it might be run by a setuid or setgid
| program.

Hold on, there, Python itself has some weaknesses in this context!
Why wrestle with this IFS gimmick and try to catch it executing a
command via the shell, when you can use PYTHONPATH to get your own
python module loaded?

... [IFS issue deleted]

| Now if you are not concerned with safe setuid/gid usage, then I
| believe it's quite safe - the user can't get any more done by
| confusing your code than they could do directly anyway.

While I am no fan of system() and popen(), I agree, this one looks
OK to me.  popen2() is also fine, but note that to get the benefit,
you must specify the already split command argument list, like
['/usr/bin/sendmail', '-t'].  If you give it a string like
'/usr/bin/sendmail -t', it runs sh just like popen() would
(and I agree this is the right way to go.)

	Donn Cave, University Computing Services, University of Washington
	donn at u.washington.edu
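
Added example, not part of the original post: the pre-split argument list contrasted above with the shell-parsed string, with the child also given a fixed environment so IFS and PYTHONPATH are not inherited. It uses the subprocess module as a present-day stand-in for popen2() (an assumption, the post predates it); run_argv, send_mail, demo and SAFE_ENV are hypothetical names, and the sample values are constructed.

```python
import os
import subprocess
import sys

# Fixed, minimal environment for the child. Nothing is inherited from the
# caller, so IFS, PYTHONPATH and a caller-chosen PATH never reach it.
# The values are assumptions for a typical Unix layout.
SAFE_ENV = {"PATH": "/usr/sbin:/usr/bin:/bin", "LANG": "C"}


def run_argv(argv, stdin_text="", env=None):
    """Exec argv directly (no /bin/sh), feed stdin_text, return (rc, stdout)."""
    if isinstance(argv, (str, bytes)):
        # A single string is what would have to be handed to sh for splitting.
        raise TypeError("pass a pre-split argument list, not a command string")
    proc = subprocess.run(
        list(argv), input=stdin_text, capture_output=True, text=True,
        shell=False, env=SAFE_ENV if env is None else env, check=False)
    return proc.returncode, proc.stdout


def send_mail(message, sendmail="/usr/sbin/sendmail"):
    """Pipe a complete message (headers, blank line, body) to sendmail -t."""
    return run_argv([sendmail, "-t"], message)[0]


def demo():
    """Constructed check: hostile variables and shell syntax reach no shell."""
    saved = {k: os.environ.get(k) for k in ("IFS", "PYTHONPATH")}
    os.environ["IFS"] = "/"                      # constructed hostile values
    os.environ["PYTHONPATH"] = "/tmp/not-ours"
    child = ("import os, sys; print(sys.argv[1]); "
             "print(sorted(k for k in os.environ if k in ('IFS', 'PYTHONPATH')))")
    try:
        # The child is this interpreter, standing in for sendmail.
        return run_argv([sys.executable, "-c", child, "x; echo injected"])
    finally:
        for key, value in saved.items():
            if value is None:
                os.environ.pop(key, None)
            else:
                os.environ[key] = value


if __name__ == "__main__":
    # This covers the child only: the interpreter running this script has
    # already read PYTHONPATH at startup, which is the weakness raised above.
    print(demo())
```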



