Subject: Re: fuzzy luser_relay ?
From: Ralf Hildebrandt (news-list.postfix.usersinnominate.de)
Date: Fri Sep 01 2000 - 02:41:42 CDT


On 31 Aug 2000 20:42:03 +0200, Matthias Andree <madt.e-technik.uni-dortmund.de> wrote:

>Perl's open(F, "-|") forks and pipes the child's STDOUT to the file
>handle F, the return value of open is the same as that of fork(2) if that
>succeeds and undef if fork() fails -- 0 for the child context and the
>child's pid for the parent context, so this example is not complete in
>that it does not handle the "cannot fork" condition (should sleep some
>seconds and then exit(75) in that case, 75 == EX_TEMPFAIL).

Yeah, it was intuitively clear to me the moment I saw it :)

>You could just as well re-implement the entire module then, the __init__
>method is fairly large. :-)

I decided to use the agrepy module instead.

>Someone needs to either document the security implications or fix that.

This is strange. While writing my diploma thesis I had to get rid of that
shell since it caught the signal I was sending to terminate the programs I
tested. I resolved that problem somehow.

Perhaps popen2 could implement the same strategy as "local" -- only use a
shell if there are shell metacharacters in the command string.

-- 
ralf.hildebrandtinnominate.de
Dipl.-Informatiker                                       innominate AG
system engineer                                      networking people
tel: +49.30.308806-62  fax: -77   http://innominate.de  pgp at request
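
Added example, not part of the original message or of popen2: a Python sketch of the two ideas discussed above, running the command directly unless it may contain shell metacharacters (so no intermediate shell sits between the caller and the program), and turning a "cannot fork" condition into EX_TEMPFAIL. The names `build_argv` and `run_filter` and the character whitelist are assumptions made for illustration; the list used by Postfix's "local" is not given here.

```python
import errno
import re
import subprocess
import time

EX_TEMPFAIL = 75  # sysexits.h: temporary failure, the MTA should retry later

# Assumption: anything outside this conservative whitelist is treated as
# "may be a shell metacharacter". Postfix's own list is not given on the page.
_PLAIN = re.compile(r"[A-Za-z0-9_@+:,./\- \t]+")


def build_argv(command):
    """Return the argv to exec: direct for plain commands, /bin/sh -c otherwise."""
    if _PLAIN.fullmatch(command) and command.strip():
        return command.split()          # no shell process in between
    return ["/bin/sh", "-c", command]   # pipes, quotes, globs etc. need sh


def run_filter(command, data, popen=subprocess.Popen, retry_delay=5):
    """Feed data to command on stdin; return (exit_status, stdout_bytes)."""
    try:
        proc = popen(build_argv(command), stdin=subprocess.PIPE,
                     stdout=subprocess.PIPE)
    except OSError as exc:
        if exc.errno in (errno.EAGAIN, errno.ENOMEM):
            # "cannot fork": back off briefly, then report a temporary failure
            time.sleep(retry_delay)
            return EX_TEMPFAIL, b""
        raise                           # e.g. command not found: not temporary
    out, _ = proc.communicate(data)
    return proc.returncode, out


if __name__ == "__main__":
    print(build_argv("cat -n"))         # executed directly
    print(build_argv("cat | wc -c"))    # handed to /bin/sh -c
    print(run_filter("cat", b"constructed sample message\n"))
```

With the direct form, the pid the caller holds is the program's own, so a signal sent to it is not caught by a shell in between.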