Directory names from untrusted data
Albert Hofkamp
hat at se-126.se.wtb.tue.nl
Tue Sep 16 09:17:18 EDT 2003
On Sat, 13 Sep 2003 16:08:52 +0100, Jim Dabell <jim-usenet at jimdabell.com> wrote:
>
> I'm in the middle of writing a small app for Linux that needs to create
> directories that take their names from untrusted data. If possible, I'd
> like to preserve special characters rather than switching them with dummy
> characters. For instance, using bash, I'd just escape characters with
Preserving characters supplied by untrusted data sounds like you do
trust your supplier at least a little bit. Depending on how paranoid you
are and how secure you must be, this may be dangerous.
> backslashes when I want to create a directory name with, say, a slash in.
>
> I've been through the manual, Google and Usenet, and I've done a bit of
> experimenting, but I can't seem to find a way of doing this in python. The
Do what in Python?
Filtering chars or making dirs?
Both can easily be done in Python.
Filtering:
    import os
    import string

    safename = ''
    for kar in untrustedname:
        # keep ASCII letters, replace every other character with '_'
        if kar in string.ascii_letters:
            safename = safename + kar
        else:
            safename = safename + '_'
Making dir:
    os.mkdir(safename)
Obviously, the code above is extremely non-secure; you should do some
checking on existence of the directory name, provide an atomic creation
primitive, and set the access rights to something sensible.
> only thing I can think of is to spawn a bash shell to do it, which I'd
> rather not have to do. Does anybody have a better way of doing this?
> Also, are there any other things I should watch out for (e.g. excessively
> long names)?
Short answer: Everything, including all things you think you can trust.
Longer answer: Read a few docs about secure programming to get
sufficiently paranoid.
Albert
--
Unlike popular belief, the .doc format is not an open publicly available format.
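
Added example, not part of the original post: one way to cover the points raised in the thread (keeping special characters, over-long names, atomic creation, access rights) in Python 3. Percent-encoding as the reversible escaping, the names encode_name and make_dir, and the 255-byte NAME_MAX are assumptions made for this sketch.

```python
import os
import tempfile
from urllib.parse import quote, unquote

NAME_MAX = 255  # assumed per-component byte limit (typical on Linux filesystems)

def encode_name(untrusted: str) -> str:
    """Reversibly map untrusted text to a single safe path component."""
    # quote() percent-encodes everything except ASCII letters, digits,
    # "_.-~" and the characters in `safe`, so '/', NUL and '%' never survive raw.
    name = quote(untrusted, safe="-_ ")
    # '.' passes through quote(); encode a leading dot so that ".", ".."
    # and hidden names cannot be produced.
    if name.startswith("."):
        name = "%2E" + name[1:]
    if not name:
        raise ValueError("empty directory name")
    if len(name.encode("ascii")) > NAME_MAX:
        raise ValueError("encoded name exceeds NAME_MAX")
    return name

def make_dir(base: str, untrusted: str) -> str:
    """Create the directory under base; never reuse an existing entry."""
    path = os.path.join(base, encode_name(untrusted))
    # mkdir(2) either creates the directory or fails with FileExistsError
    # (also when the name is a symlink), so there is no check-then-create
    # race. The umask can only clear bits from 0o700, never add any.
    os.mkdir(path, mode=0o700)
    return path

def demo() -> list:
    # Constructed sample names; unquote() recovers the original text.
    with tempfile.TemporaryDirectory() as base:
        for raw in ["a/b", "../../etc", "caf\u00e9 %41"]:
            make_dir(base, raw)
        return sorted(unquote(n) for n in os.listdir(base))

if __name__ == "__main__":
    print(demo())
```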