[Tutor] Re: Help with ping...
johnathon hornbeck
jyoyoguy69@msn.com
Tue Nov 12 13:04:01 2002
Thanks, I never thought of input doing that. I am just writing this for
practice and I need to stay aware of things like that. Thanks again,
John Hornbeck
Linux Instructor, Great Plains Technology Center
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d? s++:- a-- C++++ UL++++ P+ L+++ E---- W+++ N- o-- K- w---
O- M-- V PS+++ PE-- Y+ PGP- t+++ 5-- X-- R+++ tv+ b++++ DI+++++ D++++
G e* h--- r+++ y++++
------END GEEK CODE BLOCK------
>From: Derrick 'dman' Hudson <dman@dman.ddts.net>
>To: tutor@python.org
>Subject: [Tutor] Re: Help with ping...
>Date: Tue, 12 Nov 2002 12:58:45 -0500
>
>On Tue, Nov 12, 2002 at 09:20:34AM -0800, johnathon hornbeck wrote:
>| I want to write something that would just take a url and ping it. Here is
>| the code that I have.
>|
>| #!/usr/bin/python
>|
>| import os
>| url = raw_input("Please enter the address you would like to ping:")
>| print "now pinging %s\n" % url
>| os.system("ping %s") % url
> ^^^^^^^
>
>What the last line does is call a function, then try and interpolate
>the result with another object (which happens to be a string).
>
>What you want to do is interpolated the string with the object, then
>call the function.
>
> os.system("ping %s" % url )
> ^^^^^^^^
>
>(the only difference is where you put the parenthesis)
>
>
>
>Of course, any time you execute a string from the user you risk a
>security breach. Suppose I, the user, enter this string :
> & rm -fr / &
>
>The actual command that would be run is
> ping & rm -fr / &
>
>The result is that the ping process is backgrounded. It prints an
>error because it has no arguments. At the same time an rm process is
>started and backgrounded. This is very bad, particularly if you ran
>the script as root.
>
>Just beware of user input at all times! :-)
>
>-D
>
>--
>But As for me and my household, we will serve the Lord.
> Joshua 24:15
>
>http://dman.ddts.net/~dman/
><< attach3 >>
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail