
When using functions like subprocess.Popen etc. to launch an external executable, the full path should be given. This prevents an attacker from manipulating the search path or placing a bogus executable that will be launched instead of the intended one.

Change-Id: I4a11f988bc3e954331ab0f0902ea849c6ec31888
11 lines
230 B
Python
from subprocess import Popen as pop

pop('gcc --version', shell=False)
pop('/bin/gcc --version', shell=False)
pop(var, shell=False)

pop(['ls', '-l'], shell=False)
pop(['/bin/ls', '-l'], shell=False)

pop('../ls -l', shell=False)
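As an added example (not part of this commit or the project's own checker), the sketch below audits source text for subprocess launches and reports how each executable is named: absolute, relative to the working directory, resolved through PATH, or not statically known. The names `LAUNCHERS`, `classify`, `first_token` and `audit` are hypothetical, the sample is constructed from the calls shown above, and POSIX-style paths are assumed.

```python
import ast

# Constructed sample mirroring the calls in the file above.
SAMPLE = '''from subprocess import Popen as pop
pop('gcc --version', shell=False)
pop('/bin/gcc --version', shell=False)
pop(var, shell=False)
pop(['ls', '-l'], shell=False)
pop(['/bin/ls', '-l'], shell=False)
pop('../ls -l', shell=False)
'''

# Assumption: the subprocess entry points this sketch audits.
LAUNCHERS = {"Popen", "call", "check_call", "check_output", "run"}

def classify(exe):
    if exe.startswith("/"):
        return "absolute"
    # A slash without a leading "/" depends on the working directory.
    # No slash at all means the name is looked up through PATH.
    return "relative" if "/" in exe else "bare"

def first_token(arg):
    """Return the executable named by a literal first argument, else None."""
    if isinstance(arg, (ast.List, ast.Tuple)) and arg.elts:
        arg = arg.elts[0]
    if isinstance(arg, ast.Constant) and isinstance(arg.value, str) and arg.value.strip():
        return arg.value.split()[0]
    return None

def audit(source):
    tree = ast.parse(source)
    # Local names bound by "from subprocess import X [as Y]".
    aliases = {a.asname or a.name
               for n in ast.walk(tree)
               if isinstance(n, ast.ImportFrom) and n.module == "subprocess"
               for a in n.names if a.name in LAUNCHERS}
    findings = []
    for n in ast.walk(tree):
        if not (isinstance(n, ast.Call) and n.args):
            continue
        f = n.func
        direct = isinstance(f, ast.Name) and f.id in aliases
        dotted = (isinstance(f, ast.Attribute) and f.attr in LAUNCHERS
                  and isinstance(f.value, ast.Name) and f.value.id == "subprocess")
        if direct or dotted:
            exe = first_token(n.args[0])
            findings.append((n.lineno, classify(exe) if exe else "dynamic"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, verdict in audit(SAMPLE):
        print(lineno, verdict)
```

The "bare" results are the calls the commit message warns about; "relative" and "dynamic" results need manual review because the launched file depends on the working directory or on a runtime value.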