Directory names from untrusted data

Albert Hofkamp hat at se-126.se.wtb.tue.nl
Tue Sep 16 15:17:18 CEST 2003


On Sat, 13 Sep 2003 16:08:52 +0100, Jim Dabell <jim-usenet at jimdabell.com> wrote:
> 
> I'm in the middle of writing a small app for Linux that needs to create
> directories that take their names from untrusted data.  If possible, I'd
> like to preserve special characters rather than switching them with dummy
> characters.  For instance, using bash, I'd just escape characters with

Preserving characters supplied by untrusted data sounds like you do
trust your supplier at least a little bit. Depending on how paranoid you
are and how secure you must be, this may be dangerous.

> backslashes when I want to create a directory name with, say, a slash in.
> 
> I've been through the manual, Google and Usenet, and I've done a bit of
> experimenting, but I can't seem to find a way of doing this in python.  The

Do what in Python?
Filtering chars or making dirs?
Both can easily be done in Python

Filtering:

safename=''
for kar in untrustedname:
    if kar in string.letters:
       safename=safename+kar
    else:
       safename=safename+'_'

Making dir:

os.path.mkdir(safename)


Obviously, the code above is extremely non-secure, you should do some
checking on existance of the directory name, provide an atomic creation
primitive, and set the access rights to something sensible.

> only thing I can think of is to spawn a bash shell to do it, which I'd
> rather not have to do.  Does anybody have a better way of doing this? 
> Also, are there any other things I should watch out for (e.g. excessively
> long names)?

Short answer: Everything, including all things you think you can trust.

Longer answer: Read a few docs about secure programming to get
sufficiently paranoid.



Albert
-- 
Unlike popular belief, the .doc format is not an open publically available format.




More information about the Python-list mailing list