Secure popen

From: Aaron Bentley (abentleyat_private)
Date: Tue Jun 19 2001 - 07:03:56 PDT

  • Next message: John Viega: "Re: Secure popen"

    I'm writing a CGI program in C++ that sends email.  I'm using Sendmail
    for the transmission, so I need a command that lets me specify stdin for
    Sendmail.
    I understand popen() is not very secure, because it uses the shell to
    execute the command, but I don't know of a safe alternative.  I can
    sanitize my input, but is escaping all non-alphanumeric characters the
    right answer?
    
    The program is not privileged, but I don't want people to be able to
    gain privileges as 'nobody' on the web server.
    
    Any suggestions for this ?
    
    Aaron
    
    --
    Aaron Bentley
    Manager of Information Technology
    PanoMetrics, Inc.
    



    This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 11:29:36 PDT