Securely passing arguments when opening a pipe to a program
Chris Liechti
cliechti at gmx.net
Fri Mar 1 15:51:50 EST 2002
Joonas Paalasmaa <joonas at olen.to> wrote in
news:3C7FE115.9832EE5C at olen.to:
> The problem is that the phonenumber string is not safe; it can even
> be "000; rm -fR ~/*". How can I securely pass arguments when
> opening the pipe?
> Is there a way to pass the arguments like in os.execv.
you could filter out any character that is not allowed in a phone
number before passing the string, but then you could also use:
... popen2.popen2("gnokii --sendsms %d" % long(phonenumber))
and you will get an exception on illegal phone numbers
chris
--
Chris <cliechti at gmx.net>
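Added example, not part of the original post or the gnokii project: the execv-style approach the question asks about, combined with allow-list validation of the number. It uses Python 3's subprocess module rather than the popen2 module from the thread; the phone-number pattern, the helper names and the stand-in child process (the Python interpreter, so it runs without gnokii installed) are assumptions.

```python
import re
import subprocess
import sys

# Assumed policy: optional leading "+", then 3 to 15 ASCII digits.
PHONE_RE = re.compile(r"\+?[0-9]{3,15}")

def validate_phone(raw):
    """Return the number unchanged if it matches the allow-list, else raise."""
    if not isinstance(raw, str) or not PHONE_RE.fullmatch(raw):
        raise ValueError("illegal phone number: %r" % (raw,))
    return raw

def build_argv(phonenumber, program="gnokii"):
    """Argument vector for the command in the thread; no shell string is built."""
    return [program, "--sendsms", validate_phone(phonenumber)]

def run_without_shell(argv, message):
    """Run argv directly (execv-style), feeding message on stdin like the pipe."""
    return subprocess.run(argv, input=message, capture_output=True,
                          text=True, check=True)

def show_argv_received(args):
    """Stand-in child (the Python interpreter) that reports the argv it got."""
    child = [sys.executable, "-c",
             "import sys; print(repr(sys.argv[1:]))"] + list(args)
    return run_without_shell(child, "").stdout.strip()

if __name__ == "__main__":
    hostile = "000; rm -fR ~/*"   # constructed input, taken from the question
    try:
        build_argv(hostile)
    except ValueError as exc:
        print("rejected:", exc)
    # Even unvalidated, a list argv delivers the string as one literal argument;
    # no shell ever parses the ";".
    print(show_argv_received(["--sendsms", hostile]))
    print(build_argv("+15555550100"))  # constructed sample number
```

Validation and shell-free execution are independent layers: the first rejects malformed numbers, the second keeps any string that does get through from being parsed as shell syntax.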