lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250901103819.77b8fc19@kernel.org>
Date: Mon, 1 Sep 2025 10:38:19 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Breno Leitao <leitao@...ian.org>
Cc: davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
 pabeni@...hat.com, andrew+netdev@...n.ch, horms@...nel.org, joe@...a.to,
 sdf@...ichev.me, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next 2/2] selftests: net: py: don't default to
 shell=True

On Mon, 1 Sep 2025 02:34:05 -0700 Breno Leitao wrote:
> On Sat, Aug 30, 2025 at 11:43:17AM -0700, Jakub Kicinski wrote:
> > @@ -45,6 +48,10 @@ import time
> >          if host:
> >              self.proc = host.cmd(comm)
> >          else:
> > +            # If user doesn't explicitly request shell try to avoid it.
> > +            if shell is None and isinstance(comm, str) and ' ' in comm:
> > +                comm = comm.split()  
> 
> I am wondering if you can always split the string, independently if
> shell is True or now. Passing comm as a list is usually recommend, even
> when shell is enabled. Also, if there is no space, split() will return
> the same string.

Not sure how that'll interact with various shells..
I'd rather play it safe.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ