Escaping strings to be used in shell commands?
Timothy Grant tjg at exceptionalminds.com
Thu Apr 12 14:29:54 EDT 2001
On Thu, Apr 12, 2001 at 05:50:13PM +0000, Brian Langenberger wrote:
> Timothy Grant <tjg at exceptionalminds.com> wrote:
>
> <snip!>
>
> :> Try checking into the crypt or md5 modules and try encrypting the
> :> password from within python. Someone might actually want their
> :> password to be ";rm -rf *", which is harmless to pass to crypt()
> :> but undesirable to send to os.system().
>
> : Even given this caveat, the md5crypt module will generate
> : strings that can't be passed directly to os.system()--the
> : dollar signs must be escaped. Having just been through this a
> : couple of weeks ago, the following regex solved the problem.
>
> : re.sub(r'\$', r'\$', password)
>
> That's better, of course, but I'm all in favor of not putting
> passwords, hashed or otherwise, through os.system() whatsoever.
> Any command-line arguments can show up in "ps", and having that
> sort of info flying around can't be a good idea.
>
> I figure, if you need to update passwords from a Python app, just
> build the app to update the requisite /etc files itself.
> As flat text, Python should gobble them up without a hitch.

I've been having all sorts of fun with Python and the pwd and
grp modules recently. I'll probably have a complete password
user/group/password management system done fairly soon. But in
the meantime os.system has had to suffice.

However, I am curious why there is more of a problem with an app
calling the useradd command than there is with an admin
issuing a useradd from the command line?

-- 
Stand Fast,
    tjg.

Timothy Grant                         tjg at exceptionalminds.com
Chief Technology Officer              www.exceptionalminds.com
HyperLINq Technologies, Inc.          <>< (503) 246-3630
>>>>>>>>>>>>>Linux, because rebooting is *NOT* normal<<<<<<<<<
>>>>This machine was last rebooted:  15 days 20:37 hours ago<<
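
The two points raised in this thread (escaping only the dollar signs, and arguments being visible in "ps"), as an added example that is not part of the original messages. It uses modern Python 3; the sample string and all function names are constructed for illustration, and a POSIX /bin/sh is assumed.

```python
import re
import shlex
import subprocess
import sys

# Constructed sample: an md5crypt-style value followed by shell metacharacters.
SAMPLE = "$1$salt$hash; echo INJECTED"

def escape_dollars_only(value):
    """The thread's approach: backslash-escape '$' and nothing else."""
    return re.sub(r"\$", r"\\$", value)

def via_shell(arg_text):
    """Splice arg_text into a command line parsed by /bin/sh, as os.system() does."""
    done = subprocess.run("printf '%s' " + arg_text, shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout

def via_argv(value):
    """No shell: the value is one argv element and is never parsed.
    It is still visible in the process list while the child runs."""
    child = "import sys; sys.stdout.write(sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", child, value],
                          capture_output=True, text=True, check=True)
    return done.stdout

def via_stdin(value):
    """No shell, and the value travels over a pipe instead of the command line."""
    child = "import sys; sys.stdout.write(sys.stdin.read())"
    done = subprocess.run([sys.executable, "-c", child], input=value,
                          capture_output=True, text=True, check=True)
    return done.stdout

if __name__ == "__main__":
    # Dollar-only escaping keeps the '$' signs but ';' still ends the command,
    # so the trailing "echo INJECTED" runs as a second command.
    print(repr(via_shell(escape_dollars_only(SAMPLE))))
    # shlex.quote() neutralises every metacharacter; the shell sees one word.
    print(repr(via_shell(shlex.quote(SAMPLE))))
    # Argument list without a shell: nothing to escape at all.
    print(repr(via_argv(SAMPLE)))
    # Pipe on stdin: nothing to escape and nothing on the command line.
    print(repr(via_stdin(SAMPLE)))
```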
More information about the Python-list mailing list