Re: Secure popen

From: Peter Jeremy (peter.jeremyat_private)
Date: Tue Jun 19 2001 - 14:41:33 PDT

    On 2001-Jun-19 10:03:56 -0400, Aaron Bentley <abentleyat_private> wrote:
    >I understand popen() is not very secure, because it uses the shell to
    >execute the command, but I don't know of a safe alternative.
    
    I don't know of any standard safe popen, but it's not that difficult
    to write one.  The pseudo-code is basically:
    	pipe(fds);
    
    	fork();
    	if (child) {
    		close(fds[1]);
    		dup fds[0] onto stdin
    		close everything other than stdin, stdout and stderr
    		execl sendmail with relevant arguments
    		(You might like to use execle() and prune the environment)
    	}
    	if (parent) {
    		close(fds[0]);
    		write mail to fds[1];
    		close(fds[1]);
    		reap child
    	}
    
    >  I can
    >sanitize my input, but is escaping all non-alphanumeric characters the
    >right answer?
    
    I think it's easier to write a safe popen() than sanitise a shell
    argument string.
    
    Peter
    
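Peter's skeleton above, filled in as a complete C program. This is an added example, not code from his message: it swaps sendmail for /bin/echo so it runs anywhere without an MTA, and the function names (pipe_to_child, feed_and_reap, run_with_stdin), the PATH value handed to the child, the 65536 descriptor cap and the "victim@example.com; rm -rf /" argument are this example's own choices and constructed inputs.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that execs `path` with `argv` (no shell anywhere) and a pruned
 * environment, with its stdin connected to a pipe. Returns the write end and
 * stores the child's pid; returns -1 with errno set on failure. */
static int pipe_to_child(const char *path, char *const argv[], pid_t *pid_out)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        int saved = errno;
        close(fds[0]);
        close(fds[1]);
        errno = saved;
        return -1;
    }
    if (pid == 0) {                              /* child */
        close(fds[1]);                           /* child only reads */
        if (dup2(fds[0], STDIN_FILENO) == -1)
            _exit(127);
        /* Close everything other than stdin, stdout and stderr so the child
         * inherits no stray sockets, files or the pipe's original read end.
         * The 65536 cap is a pragmatic assumption; see the note below. */
        long maxfd = sysconf(_SC_OPEN_MAX);
        if (maxfd < 0 || maxfd > 65536)
            maxfd = 65536;
        for (long fd = 3; fd < maxfd; fd++)
            close((int)fd);
        /* Pruned environment: nothing of the caller's leaks into the child. */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(path, argv, envp);
        _exit(127);                              /* exec failed */
    }
    close(fds[0]);                               /* parent only writes */
    *pid_out = pid;
    return fds[1];
}

/* Write the whole buffer to the child's stdin, close it and reap the child.
 * Returns the exit status, 128+signal if the child was killed, -1 on error. */
static int feed_and_reap(int fd, pid_t pid, const char *data, size_t len)
{
    /* Ignore SIGPIPE while writing: if the child died early (e.g. exec failed)
     * write() returns EPIPE instead of the default action killing us. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    for (size_t off = 0; off < len; ) {
        ssize_t n = write(fd, data + off, len - off);
        if (n == -1 && errno == EINTR)
            continue;
        if (n == -1)
            break;                               /* EPIPE etc.: still reap */
        off += (size_t)n;
    }
    close(fd);
    signal(SIGPIPE, old);
    int status;
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : -1;
}

/* The safe popen: run path+argv with `data` on stdin, return its exit status. */
static int run_with_stdin(const char *path, char *const argv[],
                          const char *data, size_t len)
{
    pid_t pid;
    int fd = pipe_to_child(path, argv, &pid);
    return fd == -1 ? -1 : feed_and_reap(fd, pid, data, len);
}

/* Demo 1 (/bin/echo stands in for sendmail): a constructed, attacker-chosen
 * address is one argv element, so `;` is just a byte; no shell parses it. */
static int demo_untrusted_argument(void)
{
    char *const argv[] = { "echo", "to:", "victim@example.com; rm -rf /", NULL };
    const char *body = "Subject: hello\n\nbody\n";
    return run_with_stdin("/bin/echo", argv, body, strlen(body));
}

/* Demo 2: a failed exec comes back as status 127, not a hang or a crash. */
static int demo_exec_failure(void)
{
    char *const argv[] = { "no-such-program", NULL };
    return run_with_stdin("/nonexistent/no-such-program", argv, "x", 1);
}
```

Two practitioner notes. First, the close-everything loop is the weak spot: closing up to a capped _SC_OPEN_MAX is portable but slow and, if the limit is higher than the cap, incomplete; where available, closefrom(3) on the BSDs (and glibc 2.34+) or close_range(2) on Linux 5.9+ does the job in one call, and opening descriptors with O_CLOEXEC in the first place avoids the problem. Second, the SIGPIPE handling matters for exactly the case Demo 2 exercises: if sendmail (or anything else) dies before reading, the default disposition would kill the parent mid-write.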



    This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:34:23 PDT