this post was submitted on 10 Apr 2024
26 points (96.4% liked)

Security

629 readers
46 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray
26
BatBadBut: You can't securely execute commands on Windows (flatt.tech)
submitted 5 months ago by [email protected] to c/security
15 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] FizzyOrange 4 points 5 months ago (1 children)

You wouldn't be hosed on Linux for example. Note that this applies to the arguments to the program, not just the program itself.

In other words if I do run(["echo", untrusted_input]) it would be totally fine on Linux.

[–] [email protected] -2 points 5 months ago (1 children)

honestly i wouldn’t trust your linux example at all, what happens with run([“echo”, “&& rm -rf /“])

[–] arendjr 5 points 5 months ago

It would print “&& rm -rf /“ and nothing bad would happen.