4 points

You wouldn’t be hosed on Linux, for example. Note that this applies to the arguments to the program, not just the program itself.

In other words, if I do run(["echo", untrusted_input]), it would be totally fine on Linux.

-2 points

Honestly, I wouldn’t trust your Linux example at all. What happens with run(["echo", "&& rm -rf /"])?

5 points

It would print “&& rm -rf /” and nothing bad would happen.

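The behaviour discussed in the comments above, as an added example that is not part of the thread: it assumes run is Python's subprocess.run on Linux with echo and /bin/sh available, and it uses a constructed, harmless payload in place of the command quoted in the thread. The function names are hypothetical.

```python
import shlex
import subprocess

# Constructed stand-in for untrusted input: same shape as the string in the
# thread, but the command after && only prints a marker.
UNTRUSTED = "&& echo INJECTED"


def run_argv(untrusted: str) -> str:
    """List form, no shell: the string reaches echo as a single argv entry."""
    result = subprocess.run(
        ["echo", untrusted], capture_output=True, text=True, check=True
    )
    return result.stdout


def run_shell(untrusted: str) -> str:
    """Contrast case: /bin/sh parses the joined string, so && is an operator."""
    result = subprocess.run(
        "echo " + untrusted, shell=True, capture_output=True, text=True
    )
    return result.stdout


def run_shell_quoted(untrusted: str) -> str:
    """If a shell is unavoidable, shlex.quote keeps the input a single word."""
    result = subprocess.run(
        "echo " + shlex.quote(untrusted),
        shell=True, capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    print("argv list   :", repr(run_argv(UNTRUSTED)))
    print("shell string:", repr(run_shell(UNTRUSTED)))
    print("shell quoted:", repr(run_shell_quoted(UNTRUSTED)))
```

Only the unquoted shell-string form runs the second command; in the list form no shell ever sees the && at all.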
