On 2001-Jun-19 10:03:56 -0400, Aaron Bentley <abentleyat_private> wrote:
>I understand popen() is not very secure, because it uses the shell to
>execute the command, but I don't know of a safe alternative.

I don't know of any standard safe popen, but it's not that difficult
to write one.  The pseudo-code is basically:

    pipe(fds);
    fork();
    if (child) {
        close(fds[1]);
        dup fds[0] onto stdin
        close everything other than stdin, stdout and stderr
        execl sendmail with relevant arguments
        (You might like to use execle() and prune the environment)
    }
    if (parent) {
        close(fds[0]);
        write mail to fds[1];
        close(fds[1]);
        reap child
    }

> I can
>sanitize my input, but is escaping all non-alphanumeric characters the
>right answer?

I think it's easier to write a safe popen() than sanitise a shell
argument string.

Peter
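
The pseudo-code in the message above, written out in C as an added example; it is not code from the original post. pipe_to_program() is a hypothetical helper name, and the PATH value and the 65536 descriptor bound are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical helper: run `path` with `argv`, write `data` to its stdin,
 * return its exit status or -1. No shell ever parses the argv strings. */
int pipe_to_program(const char *path, char *const argv[],
                    const char *data, size_t len)
{
    /* Pruned environment, the execle() idea; this PATH is an assumption. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    struct sigaction ign = { .sa_handler = SIG_IGN }, old;
    int fds[2], status, rc = 0;
    pid_t pid;
    if (pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* child */
        long fd, maxfd = sysconf(_SC_OPEN_MAX);
        if (maxfd < 0 || maxfd > 65536) maxfd = 65536;  /* bound the scan */
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) == -1)
            _exit(127);
        for (fd = 3; fd < maxfd; fd++)       /* keep only fds 0, 1 and 2 */
            close((int)fd);
        execve(path, argv, envp);
        _exit(127);                          /* exec failed */
    }
    close(fds[0]);                           /* parent */
    sigaction(SIGPIPE, &ign, &old);          /* early child exit gives EPIPE */
    while (len > 0) {
        ssize_t n = write(fds[1], data, len);
        if (n == -1 && errno == EINTR)
            continue;
        if (n == -1) { rc = -1; break; }
        data += n;
        len -= (size_t)n;
    }
    close(fds[1]);                           /* EOF for the child */
    sigaction(SIGPIPE, &old, NULL);
    while (waitpid(pid, &status, 0) == -1)   /* reap child */
        if (errno != EINTR)
            return -1;
    return (rc == 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
```

A recipient address or any other untrusted value goes into argv as its own element, so characters such as ; | ` $ have no special meaning on the way to the program.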