the importance of using safe interprocess communication

Ben Escoto bescoto@stanford.edu
Sun, 10 Feb 2002 01:26:21 -0800



>>>>> "JH" == Jamie Heilman <jamie@audible.transient.net>
>>>>> wrote the following on Fri, 8 Feb 2002 03:46:01 -0800

  JH> I don't think it is as long as /bin/sh -c behaves how you expect
  JH> it to, your environment is what you think it is, etc.  Using a
  JH> Popen3 class would let you capture the errors from the system
  JH> call, something which should always be done, *especially* when
  JH> the program runs with elevated privileges.  Granted it might be
  JH> slower assuming popen() doesn't fork, and your shell is 'smart'
  JH> enough to just exec without forking, but honestly /bin/sh -c
  JH> being offered variable arguments, untainted or not, just gives
  JH> me a bad feeling; I'd rather just use something that I know
  JH> doesn't ever muck with my command.

I know what you mean, but I'm hesitant to use any undocumented
features of python.  Would your mind be any more at ease if we put the
parameters into the environment, as in:

os.environ['foo'] = filename
os.popen('rdiff signature $foo')?

That is the way shell script writers often do it I think.

    About your earlier example, it contains the lines:

for i in range(3, MAXFD):
    try:
        os.close(i)
    except:
        pass

What does this do and why?  Thanks.


--
Ben Escoto
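
The trade-offs discussed in this message, as an added example that is not part of the original post or of either correspondent's code: it compares passing a file name to `/bin/sh -c` through the environment (unquoted and quoted) with executing an argument list directly while capturing stderr, and shows what closing descriptors from 3 upward prevents the child from inheriting. `NAME` is a constructed file name, and a small Python child stands in for `rdiff` so the example runs without it (POSIX only).

```python
import fcntl
import os
import subprocess
import sys

# Constructed hostile file name; the thread's real command is `rdiff signature <file>`.
NAME = "my file; echo injected"
# Stand-in child (assumption, so no rdiff is needed): prints one argv entry per line.
ECHO_ARGS = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

def args_via_shell_env(filename, quoted):
    """Pass the name through the environment to /bin/sh -c, as proposed above."""
    env = dict(os.environ, foo=filename)
    ref = '"$foo"' if quoted else "$foo"
    proc = subprocess.run(["/bin/sh", "-c", "printf '%s\\n' signature " + ref],
                          env=env, capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()

def run_without_shell(argv):
    """Exec argv directly: nothing re-parses it, and stderr is captured."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode, proc.stdout, proc.stderr

def child_inherits_fd(close_fds):
    """True if a descriptor open in the parent is still usable in the child."""
    r, w = os.pipe()
    hi = fcntl.fcntl(w, fcntl.F_DUPFD, 100)  # inheritable duplicate at fd >= 100
    try:
        code = "import os, sys; os.fstat(int(sys.argv[1]))"
        rc = subprocess.run([sys.executable, "-c", code, str(hi)],
                            close_fds=close_fds, stderr=subprocess.DEVNULL).returncode
    finally:
        for fd in (r, w, hi):
            os.close(fd)
    return rc == 0

if __name__ == "__main__":
    print(args_via_shell_env(NAME, quoted=False))  # split on whitespace
    print(args_via_shell_env(NAME, quoted=True))   # one argument
    print(run_without_shell(ECHO_ARGS + ["signature", NAME]))
    print(child_inherits_fd(False), child_inherits_fd(True))
```

The environment approach keeps the shell from re-parsing the name as commands, but an unquoted `$foo` is still split on whitespace; `close_fds=True` performs the same job as the `os.close` loop over descriptors 3 and up.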
