Yet Another Command Line Parser
Andrew Dalke
adalke at mindspring.com
Tue Oct 26 19:46:34 EDT 2004
Alex:
> Not to defend exec (ugly thing it is), but in this case I'm not sure
> what the security hole would be.
In some sense we're both right, or wrong. Security depends on
the system. If someone saw that code, found it interesting, added
it to a script, which passed through a few people to someone
who uses it as part of a public service, then it's possible a
malicious user of that service may be able to execute arbitrary
code on the server.
> If I enter that tricky commandline at
> a shell prompt, it will be just as if I had executed the 'ls -l' at the
> same shell prompt; weird, but where is the huge security hole? It's not
> as if there were setuid shell scripts (is there...? I sure hope not!-).
In that environment there are fewer problems.
> but how are commandline arguments 'untrusted'...?
I had to think about that for a bit. Much of the work I do
(for money or otherwise) ends up being called by some sort
of web interface or is the interface to such code. Much of
the data I use can come from untrusted sources. So I've
developed a programming habit of being distrustful of any
data I get, even if it's from me.
As a consequence that also means I don't need to think about
the multiple levels in the system.
Andrew
dalke at dalkescientific.com