Problem with popen() and a regular expression

Joonas Paalasmaa joonas at olen.to
Wed Mar 6 12:29:13 EST 2002


Simon Willison wrote:
> 
> Joonas Paalasmaa wrote:
> > Simon Willison wrote:
> >
> >> I've written a simple Python script to scan a bunch of URLs for "live"
> >> sites and grab the title of those pages. It works by using popen() to
> >> call lynx and analyse the HTTP response:
> >>
> >> -----------------------------------------------------------------
> >>
> >> command = "/opt/bin/lynx -mime_header http://www.bath.ac.uk/~"+user+"/"
> >
> >
> > Use:
> >
> > command=["/opt/bin/lynx","-mime_header","http://www.bath.ac.uk/~"+user+"/"]
> >
> > for better security.
> 
> I'm a Python newbie :) How does that make things more secure?

If you pass a string to os.popen as the first argument, the process is
invoked by running the argument in a shell. That can cause problems if the
string is composed from non-safe variables. Imagine a situation where the
variable 'user' is "; rm -fR ~/; echo ". That causes the command
"/opt/bin/lynx -mime_header http://www.bath.ac.uk/~; rm -fR ~/; echo /"
to be run in the shell.
But if a list is passed to os.popen, os.popen will run the program named
in the first item of the list with the rest of the list as arguments.

- Joonas
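The following is an added example, not code from the thread above. It uses the modern subprocess module (rather than os.popen) to show the point Joonas makes: the same hostile 'user' value that turns the string form into three shell commands is carried as one literal argument when the command is built as an argv list. It also shows the two complementary mitigations a practitioner would add today: an allowlist check on 'user' before it reaches any command, and shlex.quote for the cases where a shell string is unavoidable. The child process that reports its argv stands in for lynx (a stand-in, since lynx may not be installed); the user names are constructed sample values.

```python
import json
import re
import shlex
import subprocess
import sys

# Constructed sample values for this example (not from the original thread's setup).
BASE = "http://www.bath.ac.uk/~"
SAFE_USER = "jsmith"
HOSTILE_USER = "; rm -fR ~/; echo "   # the value discussed in the thread

# Allowlist for account names: only characters a plausible user name contains.
USER_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def build_shell_string(user):
    """The original pattern: one string that a shell will parse (unsafe)."""
    return "/opt/bin/lynx -mime_header " + BASE + user + "/"


def build_argv(user):
    """The list form: an argv vector handed straight to execve, no shell."""
    return ["/opt/bin/lynx", "-mime_header", BASE + user + "/"]


def build_quoted_shell_string(user):
    """If a shell is unavoidable, quote every word so metacharacters stay literal."""
    return " ".join(shlex.quote(word) for word in build_argv(user))


def is_valid_user(user):
    """Allowlist check: reject anything that is not a plausible account name."""
    return USER_RE.match(user) is not None


def shell_words(command_string):
    """Words a POSIX shell would see in this string (shlex.split models the shell's word splitting)."""
    return shlex.split(command_string)


def argv_seen_by_child(user):
    """Run a stand-in for lynx that reports the argv it received, using the list form.

    The child is the current Python interpreter; it prints its own sys.argv[1:]
    as JSON so the caller can see exactly how many arguments arrived.
    """
    argv = [
        sys.executable,
        "-c",
        "import json, sys; print(json.dumps(sys.argv[1:]))",
        "-mime_header",
        BASE + user + "/",
    ]
    completed = subprocess.run(argv, stdout=subprocess.PIPE, universal_newlines=True, check=True)
    return json.loads(completed.stdout)


if __name__ == "__main__":
    print("unsafe string :", build_shell_string(HOSTILE_USER))
    print("shell words   :", shell_words(build_shell_string(HOSTILE_USER)))
    print("argv list     :", build_argv(HOSTILE_USER))
    print("quoted string :", build_quoted_shell_string(HOSTILE_USER))
    print("child argv    :", argv_seen_by_child(HOSTILE_USER))
    print("allowlist ok? :", is_valid_user(SAFE_USER), is_valid_user(HOSTILE_USER))
```

Run as a script it prints the three forms side by side: the shell splits the unsafe string into eight words spanning three commands, while the argv list and the quoted string both keep the whole hostile value inside one argument. The allowlist check is the cheaper fix and should come first; the argv form is the structural one, because no shell ever sees the data.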


