Yet Another Command Line Parser

Andrew Dalke adalke at mindspring.com
Wed Oct 27 01:46:34 CEST 2004


Alex:
> Not to defend exec (ugly thing it is), but in this case I'm not sure
> what the security hole would be.

In some sense we're both right, or wrong.  Security depends on
the system.  If someone saw that code, found it interesting, added
it to a script, which passed through a few people to someone
who uses it as part of a public service, then it's possible a
malicious user of that service may be able to execute arbitrary
code on the server.


> If I enter that tricky commandline at
> a shell prompt, it will be just as if i had executed the 'ls -l' at the
> same shell prompt; weird, but where is the huge security hole?  It's not
> as if there were setuid shell scripts (is there...?  I sure hope not!-).

In that environment there are fewer problems.

> but how are commandline arguments 'untrusted'...?

I had to think about that for a bit.  Much of the work I do
(for money or otherwise) ends up being called by some sort
of web interface or is the interface to such code.  Much of
the data I use can come from untrusted sources.  So I've
developed a programming habit of being distrustful of any
data I get, even if it's from me.

As a consequence that also means I don't need to think about
the multiple levels in the system.

				Andrew
				dalke at dalkescientific.com



More information about the Python-list mailing list