[Tutor] Re: Help with ping...
Danny Yoo
dyoo@hkn.eecs.berkeley.edu
Wed Nov 13 01:24:01 2002
On Tue, 12 Nov 2002, Scott Widney wrote:
> >
> > os.system("ping %s" % url )
> > ^^^^^^^^
> >
> > Of course, any time you execute a string from the user you risk a
> > security breach. Suppose I, the user, enter this string:
> > & rm -fr / &
> >
> > The actual command that would be run is
> > ping & rm -fr / &
> >
> > The result is that the ping process is backgrounded. It prints an
> > error because it has no arguments. At the same time an rm process is
> > started and backgrounded. This is very bad, particularly if you ran
> > the script as root.
Hello,
By the way, there is a ping wrapper for Python included in the PyNMS
project:
http://pynms.sourceforge.net/
http://pynms.sourceforge.net/ping.html
This may be an alternative to doing ping through os.system(), and avoids
many of its security problems.
Good luck!
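
Added example (not part of the original posts, and not PyNMS code): one way to keep calling the system ping without handing the user's string to a shell. The function names are hypothetical, and the `-c` count flag assumes a Linux/macOS ping. It validates the host and passes it as a single argv element, so `&` and a leading `-` have no special meaning.

```python
import ipaddress
import json
import re
import subprocess
import sys

# One hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_host(host: str) -> str:
    """Return host if it is an IP address or a plain hostname, else raise ValueError."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid hostname or IP address: {host!r}")
    return host


def build_ping_argv(host: str, count: int = 1) -> list:
    """Build an argument vector; no shell ever parses the host string."""
    # Assumption: "-c" is the count flag (Linux/macOS ping; Windows uses "-n").
    return ["ping", "-c", str(int(count)), validate_host(host)]


def ping(host: str, timeout: float = 5.0) -> bool:
    """Run ping without a shell and report whether it exited successfully."""
    result = subprocess.run(build_ping_argv(host), capture_output=True, timeout=timeout)
    return result.returncode == 0


def argv_seen_by_child(user_input: str) -> list:
    """Show what a list-form call delivers: the input as one argv element, verbatim."""
    probe = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))", user_input]
    out = subprocess.run(probe, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    # Constructed input: shell metacharacters arrive as inert data, not commands.
    print(argv_seen_by_child("& echo injected &"))
    print(build_ping_argv("example.com"))
```

The leading-hyphen rule in `validate_host` matters even without a shell: a "host" such as `-f` would otherwise be read by ping as an option.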