[Bro-Dev] [JIRA] (BIT-1210) Safe "Exec" python subprocess.Popen style

Wed Jun 25 09:45:07 PDT 2014

Nicholas Weaver created BIT-1210:
------------------------------------

             Summary: Safe "Exec" python subprocess.Popen style
                 Key: BIT-1210
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1210
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
    Affects Versions: git/master
            Reporter: Nicholas Weaver
            Priority: Low

The system() and exec::command routines/types take a string which is passed to the shell for execution.  This both has efficiency issues (needlessly invoking a shell) and security issues if str_shell_escape is forgotten/incorrect.

A better alternative (This would probably require a separate bif for backwards compatibility) would be in the style of Python's subprocess.Popen, which instead of taking a string takes a vector of strings, does not invoke a shell by default, and instead directly fork() and execvp's the new process, with the first argument being the target executable and the subsequent arguments forming the rest of the target's argv.

This has a substantial advantage as "Unlike some other popen functions, this implementation will never call a system shell implicitly. This means that all characters, including shell metacharacters, can safely be passed to child processes."

--
This message was sent by Atlassian JIRA
(v6.3-OD-07-013#6327)