Re: Secure popen

From: Slawek (sgpat_private)
Date: Tue Jun 19 2001 - 13:21:20 PDT

  • Next message: Jeremy Miller: "Re: Secure popen"

    Aaron Bentley wrote:
    
    > I'm writing a CGI program in C++ that sends email.  I'm using Sendmail
    > for the transmission, so I need a command that lets me specify stdin for
    > Sendmail.
    > I understand popen() is not very secure, because it uses the shell to
    > execute the command, but I don't know of a safe alternative.  I can
    > sanitize my input, but is escaping all non-alphanumeric characters the
    > right answer?
    
    pipe(2)
    dup2(2)
    stdin(4)
    
    bye,
    Slawek
    



    This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 16:54:49 PDT