Calling an application from inside a python script Take 1
Jim Dennis
jimd at vega.starshine.org
Sun Jan 7 08:22:34 EST 2001
In article <935p59$cga$1 at nntp6.u.washington.edu>, Donn Cave wrote:
>Quoth "Joel Ricker" <joejava at dragonat.net>:
>| Donn Cave wrote in message <9351o8$8qm$1 at nntp6.u.washington.edu>...
>|> try that and see what happens? That's an intentionally hostile
>|> input (don't try it, really.) Accidental input errors might be harmless,
>|> or might not.
>|> I didn't see anything wrong with the ssh in your initial post, the
>|> problem was system(). system() + user-supplied input = unpredictable
>|> results. Use spawnv().
>| I'm not sure if you are familar with perl but perl has a pragma called Taint
>| that when enabled prohibits the use of user supplied input until the proper
>| input is regexed out of it - for example, usernames shouldn't have any
>| punctuation other than _ or control codes, etc. I'm not sure exactly what
>| Python has in this regard as this is Day 1 of my Perl Recovery Program (*s*)
>| but its a mindset worth applying.
>I'd like to see people try spawnv(). (Or spawnvp(), whatever.)
>It's nice to be able to clean up input for the shell command line, and
>maybe it's even reliable enough. As a mindset, I'm not sure. If you
>need to walk a high-wire, then a safety net is a good idea. If you
>actually could just cross at the street level, but everyone takes the
>high-wire because they don't like to walk up and down the stairs and
>there's a safety net, that puts the safety net in a different perspective.
>You can still break your neck.
>Until now, we could only say "system() is scary, but the alternatives
>are complex and laborious." Now 2.0 has a reasonably handy alternative.
>It's safer, it's faster, would appear to be portable. Say no to
>system(), at least with calculated inputs.
> Donn Cave, donn at u.washington.edu
system() is scary because it spawns a shell, which parses
the input as a command line *IN THE USERS ENVIRONMENT*. Thus
there are various environement settings like PATH, possibly
including aliases and shell functions that can also invisibly
affect what is run.
Note that Taint checking is not a panacea. In only enforces
a policy that you perform some substition/regex filtering operation
on your strings before you pass them to your system or eval functions.
It doesn't "know" what constitutes a safe set of filtering parameters
for each shell or whatever. Like a safety on a firearm it helps a good
programmer avoid shooting himself in the foot but it doesn't unload
the gun for you!
More information about the Python-list
mailing list