Re: Secure popen

From: Kai Schulte (kai@eclipse.asta.uni-essen.de)
Date: Tue Jun 19 2001 - 16:35:41 PDT

Next message: Christian Recktenwald: "Re: Secure popen"

Previous message: John Viega: "Re: Secure popen"
In reply to: Aaron Bentley: "Secure popen"
Next in thread: Christian Recktenwald: "Re: Secure popen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 19 Jun 2001, Aaron Bentley wrote:

> I understand popen() is not very secure, because it uses the shell to
> execute the command, but I don't know of a safe alternative.

If possible, you should open the file descriptors yourself and
execute the program directly.  That will also save you the overhead
of invoking a shell. In unix terms this would be

pipe() to get a pair of connected file descriptors,
fork() a new process
close() the pipe input descriptor in the child and the output descriptor
     in the parent
execve() or similar to have the child run sendmail with the desired
     options
then send the message to sendmail through the pipe.

Kai

Next message: Christian Recktenwald: "Re: Secure popen"
Previous message: John Viega: "Re: Secure popen"
In reply to: Aaron Bentley: "Secure popen"
Next in thread: Christian Recktenwald: "Re: Secure popen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:26:31 PDT