testeronious@lemmy.world to Security@programming.devEnglish · 3 months agoBatBadBut: You can't securely execute commands on Windowsflatt.techexternal-linkmessage-square15fedilinkarrow-up127arrow-down11
arrow-up126arrow-down1external-linkBatBadBut: You can't securely execute commands on Windowsflatt.techtesteronious@lemmy.world to Security@programming.devEnglish · 3 months agomessage-square15fedilink
minus-squareFizzyOrange@programming.devlinkfedilinkEnglisharrow-up4·3 months agoYou wouldn’t be hosed on Linux for example. Note that this applies to the arguments to the program, not just the program itself. In other words if I do run(["echo", untrusted_input]) it would be totally fine on Linux.
minus-squarehatedbad@lemmy.sdf.orglinkfedilinkEnglisharrow-up1arrow-down3·3 months agohonestly i wouldn’t trust your linux example at all, what happens with run([“echo”, “&& rm -rf /“])
minus-squarearendjr@programming.devlinkfedilinkEnglisharrow-up5·3 months agoIt would print “&& rm -rf /“ and nothing bad would happen.
You wouldn’t be hosed on Linux for example. Note that this applies to the arguments to the program, not just the program itself.
In other words if I do
run(["echo", untrusted_input])it would be totally fine on Linux.honestly i wouldn’t trust your linux example at all, what happens with
run([“echo”, “&& rm -rf /“])It would print “&& rm -rf /“ and nothing bad would happen.