[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] popen from a hook
From: |
Brian May |
Subject: |
Re: [Monotone-devel] popen from a hook |
Date: |
Sun, 19 Nov 2006 18:16:00 +1100 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux) |
>>>>> "Nathaniel" == Nathaniel Smith <address@hidden> writes:
Nathaniel> This seems reasonable enough. A better solution, if
Nathaniel> it's not too hard, would be to just provide an actually
Nathaniel> safe version of popen -- one that takes a command line
Nathaniel> vector, rather than string.
This would be my preference.
Nathaniel> I don't like this one too much. Partly because I'm
Nathaniel> still not sure it goes far enough -- spaces are
Nathaniel> possibly the most benign shell metacharacter, but they
Nathaniel> are still a shell metacharacter, and allowing them may
Nathaniel> be dangerous. Partly because even if this is safe, it
Nathaniel> makes it easy to introduce latent bugs -- J. Random
Nathaniel> User writes a hook, uses popen without realizing the
Nathaniel> danger, it works fine in his tests, but then in real
Nathaniel> life his hook starts failing. Better to fail than to
Nathaniel> open a security hole, but still not really ideal.
There always exists the possibility that same sequence of characters,
which would appear harmless, is actual interpreted specially by the
shell.
Better not to involve the shell in the first place IMHO.
Programming languages that don't allow you to do this (php comes to
mind) or force you to use low level operations (perl, for some things,
comes to mind) annoy me.
--
Brian May <address@hidden>