the importance of using safe interprocess communication

Jamie Heilman jamie@audible.transient.net
Thu, 7 Feb 2002 23:52:47 -0800


Ben Escoto wrote:

> Thank you for the informative bug report.  This looks like yet another
> problem with the quoting code (I thought all the kinks were out of
> that, but oh well...).  I think it should be sufficient to change line
> 1968 to:
> 
> 	regex_chars_to_quote = re.compile("[\\\\\\\"\\$`]")

Yeah, I saw that upon further evaluation; however, I assure you that
escaping shell code is not the answer to this problem and will only
lead to more security holes.  Using the correct kind of system call
is.  I'm still working on a patch of some type, though yours should
get me through the night's backups.
 
-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying
 to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
 I liked you better when you weren't saying squat kid."	-Buddy
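The two approaches discussed in this exchange, side by side, as an added example (this is editor-supplied illustration code, not rdiff-backup's code and not code posted by either correspondent). The first path builds a command string, escapes the four characters that the quoted regex matches, and hands the string to `/bin/sh`; the second passes the same arguments as an argv list so that no shell ever parses them. The helper names, the `ECHO_ARG` child program and the `NASTY_NAME` sample are constructed for the demonstration; only the regex is taken from the message above.

```python
import os
import re
import subprocess
import sys

# The escaping regex from the quoted message: backslash, double quote, dollar, backtick.
regex_chars_to_quote = re.compile("[\\\\\\\"\\$`]")

# Small child program that writes argv[1] back unchanged, so we can check a round trip.
# (Constructed for this example; any program that echoes its argument would do.)
ECHO_ARG = "import sys; sys.stdout.write(sys.argv[1])"

# Constructed sample: a file name carrying every metacharacter the regex knows about,
# plus an embedded newline. Nothing here is a real path.
NASTY_NAME = 'weekly $(date) `id` "report" \\ $HOME\nsecond line'


def shell_double_quote(s: str) -> str:
    """Backslash-escape the characters special inside POSIX sh double quotes and
    wrap the result in double quotes. This is the quoting strategy the message
    discusses; it is only as good as the character list for the shell in use."""
    return '"' + regex_chars_to_quote.sub(lambda m: "\\" + m.group(0), s) + '"'


def run_via_shell(name: str) -> str:
    """Round-trip `name` through /bin/sh. The command is one string, so every
    argument has to be quoted correctly or the shell interprets it."""
    cmd = "%s -c %s %s" % (
        shell_double_quote(sys.executable),
        shell_double_quote(ECHO_ARG),
        shell_double_quote(name),
    )
    result = subprocess.run(["/bin/sh", "-c", cmd],
                            capture_output=True, text=True, check=True)
    return result.stdout


def run_without_shell(name: str) -> str:
    """Round-trip `name` with an argv list (execve semantics, shell=False).
    No shell parses the arguments, so no escaping is needed and no character
    in `name` is ever special."""
    result = subprocess.run([sys.executable, "-c", ECHO_ARG, name],
                            capture_output=True, text=True, check=True)
    return result.stdout


def shell_available() -> bool:
    """True on systems where the shell path used above exists."""
    return os.path.exists("/bin/sh")


if __name__ == "__main__":
    print("argv list round trip ok:", run_without_shell(NASTY_NAME) == NASTY_NAME)
    if shell_available():
        print("quoted shell string:", shell_double_quote(NASTY_NAME))
        print("shell round trip ok:", run_via_shell(NASTY_NAME) == NASTY_NAME)
```

With this particular character set both paths return the sample name intact, which is the point of the comparison rather than a counterexample: the shell path is correct only while the escaping regex keeps matching the rules of whichever shell runs the string, and every new metacharacter or shell dialect is another chance to miss one, whereas the argv path has no parsing step to get wrong. When reviewing code that spawns programs on user-controlled names, the check is simply whether the command reaches the operating system as a list or as a string.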