Calling an application from inside a python script Take 1
Chris Watson
chris at voodooland.net
Fri Jan 5 02:47:15 EST 2001
> The easiest thing to write is
>
> import os
> ...
> os.system('ssh -l root %s vi /usr/local/etc/apache.conf' % host)
>
>
> It's also about as dangerous as anything you can do in Python. It
> puts you completely at the mercy of whoever typed in that text at
> the "Enter a hostname: " prompt. Intentionally or not, a space
> or a semi-colon etc. could yield very different results than you
> intend.
Someone else pointed out the exact same way. However they also described
it was bad h0h0 magic to do it that way. So...
> Luckily, with Python 2.0 we're getting to the point where you can
> do this in a safer way without writing all the fork & exec stuff
> yourself. The function, os.spawnv(), is apparently here for
> compatibility with Windows! but it seems to be what we need;
> you can look at the os module to see how it works if you want.
>
> import os
> os.spawnv(os.P_WAIT, '/usr/local/bin/ssh', ('ssh', '-l', 'root',
> host, 'vi', '/usr/local/etc/apache.conf'))
>
> That last argument is a tuple of the argument list to ssh, starting
> with argv[0]. In the system() function, we would eventually invoke
> the shell to parse the string into these arguments, and that's where
> the unexpected metacharacters wreak their havoc. By passing the
> arguments directly to the ssh process, we avoid that.
I had thought about this briefly as well. And decided on an earlier
repliers advice it would be wiser to copy the file to the local machine
instead of editing it remotely.
> Now, for this particular command, ssh, you might as well fold the
> 'vi' and the file together, because ssh is going to do that for
> the remote shell to parse back out. So don't think you can get
> a sanitary calculated argument list through to the remote shell -
> that can't happen. Your example is OK, because the remote command
> is constant.
Well what I finally came up with, and I am no coder by any means, was the
following:
#!/usr/local/bin/python
import os
host = raw_input("Enter a hostname: ");
# Copy the file from the remote server to the local machine.
os.system("scp user@%s:/home/user/TESTFILE /tmp/TESTFILE" % host)
# Edit the local copy.
os.system("vi /tmp/TESTFILE")
# "Push" the new config file from the local machine to the remote machine
# using a secure ssh transport
os.system("rsync -v -P -p -e ssh /tmp/TESTFILE user@%s:/home/user/TESTFILE" % host)
How does this fare? Is this an acceptable solution? Or does this have
the words "GLARING BONE HEAD" in neon letters stamped on it?
I appreciate the replies and advice! Python seems to have a great group of
people surrounding it. Have a good weekend everyone!!
--
=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner at jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner at deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tommorow?"
BSD: "Are you guys coming or what?"
=============================================================================
irc.openprojects.net #FreeBSD -Join the revolution!
ICQ: 20016186
More information about the Python-list
mailing list