the importance of using safe interprocess communication

Jamie Heilman jamie@audible.transient.net
Sun, 10 Feb 2002 20:54:31 -0800


Ben Escoto wrote:

> I know what you mean, but I'm hesitant to use any undocumented
> features of python.  Would your mind be any more at ease if we put the
> parameters into the environment, as in:

It's documented in the source, and look at it this way: if they ever
change this behavior, Python becomes immediately unacceptable for
writing any kind of secure script that must play well with others.
I doubt very much they will sacrifice this.
 
> os.environ['foo'] = filename
> os.popen('rdiff signature $foo')?
> 
> That is the way shell script writers often do it I think.

Nope, that doesn't change a thing; you're still passing vars to sh -c, and the
variables get interpolated before the command line is interpreted.
 
>     About your earlier example, it contains the lines:
> 
> for i in range(3, MAXFD):
>     try:
>         os.close(i)
>     except:
>         pass

Well... not really *my* example, it's the source from popen2.py, but
anyway, they are closing all file descriptors that aren't stdin, stderr
and stdout, because the child could otherwise inherit descriptors from
the parent, which may result in accidental privilege elevation or a
host of other accidents.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"It's almost impossible to overestimate the unimportance of most things."
							-John Logue
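The two points made in the message above, shown in runnable form. This is an added example, not code from the thread, from rdiff-backup or from popen2.py; it assumes a POSIX /bin/sh and Python 3.7+ with the `subprocess` module (which did not exist when the message was written), stands in for `rdiff signature <file>` with a Python one-liner that prints the argv it received, and uses constructed filenames ("my backup file", "*.txt") as input.

```python
import os
import shlex
import subprocess
import sys
import tempfile

# Stand-in for "rdiff signature <file>": a child that prints the argv it
# actually received, one argument per line, so we can see what the shell did.
ECHO_ARGV = "import sys; print(chr(10).join(sys.argv[1:]))"


def shell_sees(filename, cwd=None):
    """The pattern proposed in the thread: put the value in the environment
    and let `sh -c` expand $foo.  Returns the argv the command really got."""
    env = dict(os.environ, foo=filename)
    cmd = "%s -c %s signature $foo" % (shlex.quote(sys.executable),
                                        shlex.quote(ECHO_ARGV))
    out = subprocess.run(cmd, shell=True, env=env, cwd=cwd,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def argv_sees(filename, cwd=None):
    """The safe alternative: hand exec() an argv list and never involve
    /bin/sh, so the filename reaches the program as exactly one argument."""
    argv = [sys.executable, "-c", ECHO_ARGV, "signature", filename]
    out = subprocess.run(argv, cwd=cwd, capture_output=True, text=True,
                         check=True)
    return out.stdout.splitlines()


def glob_demo():
    """Unquoted $foo is also subject to pathname expansion: with a.txt and
    b.txt in the working directory (constructed here), a filename of
    '*.txt' becomes two arguments under the shell but stays one literal
    argument via argv."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.txt", "b.txt"):
            open(os.path.join(d, name), "w").close()
        return shell_sees("*.txt", cwd=d), argv_sees("*.txt", cwd=d)


# Child-side probe: report whether the descriptor number it was given is
# still open *and* still refers to the parent's file (same device/inode).
FD_PROBE = (
    "import os, sys\n"
    "fd, dev, ino = (int(a) for a in sys.argv[1:4])\n"
    "try:\n"
    "    st = os.fstat(fd)\n"
    "    print('open' if (st.st_dev, st.st_ino) == (dev, ino) else 'other')\n"
    "except OSError:\n"
    "    print('closed')\n"
)


def child_can_see_fd(close_fds):
    """The second point: a descriptor the parent leaves open is visible in
    the child unless the spawner closes everything above stderr, which is
    what the range(3, MAXFD) loop from popen2.py does.  Returns True if the
    child found the parent's descriptor still open."""
    with tempfile.TemporaryFile() as secret:
        secret.write(b"parent-only data")
        secret.flush()
        fd = secret.fileno()
        # Python 3.4+ marks new descriptors non-inheritable; mark this one
        # inheritable so it behaves like a descriptor in a 2002-era program.
        os.set_inheritable(fd, True)
        st = os.fstat(fd)
        out = subprocess.run(
            [sys.executable, "-c", FD_PROBE, str(fd), str(st.st_dev),
             str(st.st_ino)],
            close_fds=close_fds, capture_output=True, text=True, check=True)
        return out.stdout.strip() == "open"


if __name__ == "__main__":
    print("shell:", shell_sees("my backup file"))  # split into three args
    print("argv: ", argv_sees("my backup file"))   # one arg, as intended
    print("glob: ", glob_demo())
    print("fd inherited, close_fds=False:", child_can_see_fd(False))
    print("fd inherited, close_fds=True: ", child_can_see_fd(True))
```

The environment trick only moves the value out of the command string; the unquoted `$foo` is still word-split and glob-expanded by sh before the program runs, so a name with spaces or metacharacters is mangled. Passing an argv list (`subprocess` with a list and `shell=False`) avoids the shell entirely, and `close_fds=True` (the default in Python 3) is the same defensive measure as the descriptor-closing loop quoted from popen2.py.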