[mod_python] Pipes and security

Richard Lewis richardlewis at fastmail.co.uk
Tue Jul 25 06:21:40 EDT 2006


Hi there,

Just investigating some possible implementation methods.

Does it pose a security risk in mod_python to do this sort of thing:

def handler(req):
  # code is from memory so may not be correct
  # but its the idea thats important ;-)
  i, o = os.popen2("cmd")
  i.write("some data")
  i.close()
  
  req.write(o.read())
  o.close()

I don't really understand it properly, but I've read before now that using 
pipes to execute shell commands from CGI scripts can be insecure. Does the 
same apply with Apache modules like mod_python?

Cheers,
Richard
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard Lewis
Sonic Arts Research Archive
http://www.sara.uea.ac.uk/
JID: ironchicken at jabber.earth.li
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


More information about the Mod_python mailing list