Security implications of using open() on untrusted strings.
news123 at free.fr
Tue Nov 25 23:37:25 CET 2008
Jorgen Grahn wrote:
> Compare with a language (does Perl allow this?) where if the string
> is "rm -rf /|", open will run "rm -rf /" and start reading its output.
> *That* interface would have been
Good example. (for perl):
The problem doesn't exist in python
open("rm -rf / |") would try to open a file with exactly that name and
it would fail if it doesn't exist.
In perl the perl script author has the choice to be safe (three argument
open) or to allow stupid or nice things with a two argument open.
open($fh,"rm -rf / |") would execute the command "rm -rf /" and pass
it's output to perl
open($fh,"rm -rf / |","<") would work as in python
The only similiar pitfall for pyhon would be popen() in a context like
p = os.popen("md5sum "+f)
here you would have unexpected behavior if filename were something like
"bla ; rm -rf /"
Sometimes I miss the 'dangerous variation' in python and I explicitely
add code in python that the filename '-' will be treated as stdin for
files to be read and as stdout for files to be written to
More information about the Python-list