[Bro-Dev] [JIRA] (BIT-1210) Safe "Exec" python subprocess.Popen style
Nicholas Weaver (JIRA)
jira at bro-tracker.atlassian.net
Wed Jun 25 09:45:07 PDT 2014
Nicholas Weaver created BIT-1210:
------------------------------------
Summary: Safe "Exec" python subprocess.Popen style
Key: BIT-1210
URL: https://bro-tracker.atlassian.net/browse/BIT-1210
Project: Bro Issue Tracker
Issue Type: New Feature
Components: Bro
Affects Versions: git/master
Reporter: Nicholas Weaver
Priority: Low
The system() and exec::command routines/types take a string which is passed to the shell for execution. This both has efficiency issues (needlessly invoking a shell) and security issues if str_shell_escape is forgotten/incorrect.
A better alternative (This would probably require a separate bif for backwards compatibility) would be in the style of Python's subprocess.Popen, which instead of taking a string takes a vector of strings, does not invoke a shell by default, and instead directly fork() and execvp's the new process, with the first argument being the target executable and the subsequent arguments forming the rest of the target's argv.
This has a substantial advantage as "Unlike some other popen functions, this implementation will never call a system shell implicitly. This means that all characters, including shell metacharacters, can safely be passed to child processes."
--
This message was sent by Atlassian JIRA
(v6.3-OD-07-013#6327)
More information about the bro-dev
mailing list