Hi,
there is a rather old (2003) piece of code in sched/start that is giving
us problems right now. I can't find a comment what this should prevent.
The code is:
> def contains_shell_characters(command):
> return ('"' in command or "'" in command or
> '\\' in command or '|' in command or
> '>' in command)
>
> def exec_command_string(command):
> args = command.strip().split()
> os.chdir(tmp_dir)
> try:
> if contains_shell_characters(command):
> os.execl('/bin/sh', 'sh', '-c', ' '.join(args))
> else:
> os.execvp( args[0], args )
> # on success we don't reach here
> print >>sys.stderr, "Couldn't exec '%s'"%command
> except OSError, e:
> print >>sys.stderr, "Couldn't execute '%s':" %command, e
> os._exit(1)
We have daemons that contain " and ' characters but we don't want to run
through a shell. We would only need a shell if one of the other
characters is present and even then only if it really is used as a pipe
or redirection and not for example within a regular expression that is
an argument to the daemon executable.
We could write a more elaborate contains_shell_characters() function
that checks if one of |, \ or > is used as a pipe, concatenation or
redirection and only use a shell in those cases. Any comments?
This is the commit:
https://github.com/BOINC/boinc/commit/1138ff8651917e808903769ed7f76ee86fdd8b21
by Karl Chen.
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
