Re: func command module pipe problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I also don't believe that injections are a concern. Also I usually use many pipes which makes it more complicated if I would use shell pipes in python.

thanks,
Ozgur Akan

On Wed, Dec 3, 2008 at 11:09 AM, Michael DeHaan <mdehaan@xxxxxxxxxx> wrote:
Adam Stokes wrote:
Using shell=True is not a good idea as it could allow for problematic injections. I think it would be beneficial to use the python way of handling pipes
 

IMHO, Func is already an API that allows doing lots of nice things as root so injections are not a huge concern.   If you have access to Func you can already install and run whatever code you like -- by design.

However if someone is surfacing Func in the web app, they should not surface the shell=True version.

The problem of filtering injections is therefore the problem of the owner of the webapp, just as it is with someone writing a SQL-using program.



----- Original Message -----
From: "Silas Sewell" <silas@xxxxxxxxx>
To: "Michael DeHaan" <mdehaan@xxxxxxxxxx>
Cc: func-list@xxxxxxxxxx
Sent: Monday, November 24, 2008 5:21:14 PM GMT -05:00 US/Canada Eastern
Subject: Re: func command module pipe problem

If you enable shell in the command module you can use pipes. I created a
simple module which does just that.

http://github.com/silas/func-modules/tree/master/command_plus.py

On Mon, Nov 24, 2008 at 2:57 PM, Michael DeHaan <mdehaan@xxxxxxxxxx> wrote:

 
Ozgur Akan wrote:

   
Hi,

I am trying to use func command module

https://fedorahosted.org/func/wiki/CommandModule

When I use pipe in the command it can not run the command.

func myserver.domain.com <http://myserver.domain.com> call command run
"ps -fe | grep root"

How can I override this problem?

thanks,
Ozgur Akan
------------------------------------------------------------------------

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

     
Subprocess does not do shell pipes, though it does /implement/ pipes.

What you want to do is use Func's process module and if neccessary add
modifications to allow you to filter the results, or write an API script
using Func that filters the results.

--Michael


_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

   



 

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
[Index of Archives]     [Fedora Users]     [Linux Networking]     [Fedora Legacy List]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux