RE: Secure popen

From: Michael Wojcik (Michael.Wojcikat_private)
Date: Tue Jun 19 2001 - 13:00:49 PDT


    [ISTR a discussion of this very topic on SECPROG, or perhaps one of the
    other SecurityFocus mailing lists, only a few weeks ago.  Have you checked
    the archives?  It might have been Usenet; you could do a search against
    comp.unix.programming.]
    
    My suggestion: write a version of popen that doesn't use the shell.  If you
    have the source for your OS' C library, use that as a template; if not, grab
    the GCC implementation if the license terms aren't prohibitive for your
    application.  Or adapt the one in Stevens' _Advanced Programming in the Unix
    Environment_.
    
    Or you could write your own from scratch, but while it's conceptually simple
    there are various pitfalls, and it helps to have an existing implementation
    to point them out.
    
    Michael Wojcik             michael.wojcikat_private
    MERANT
    Department of English, Miami University
    
    
    > -----Original Message-----
    > From: Aaron Bentley [mailto:abentleyat_private]
    > Sent: Tuesday, June 19, 2001 9:04 AM
    
    > I'm writing a CGI program in C++ that sends email.  I'm using Sendmail
    > for the transmission, so I need a command that lets me 
    > specify stdin for Sendmail.
    > I understand popen() is not very secure, because it uses the shell to
    > execute the command, but I don't know of a safe alternative.  I can
    > sanitize my input, but is escaping all non-alphanumeric characters the
    > right answer?
    > 
    > The program is not privileged, but I don't want people to be able to
    > gain privileges as 'nobody' on the web server.
    > 
    > Any suggestions for this ?
    

    This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 16:58:21 PDT