author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2011-08-05 08:24:22 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2011-08-05 08:24:22 -0400 |
commit | f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 (patch) | |
tree | 9c2a8c8daf8250c0aca46761381fe53488c3f839 /src/lib/Server/Plugins/SSHbase.py | |
parent | ed85e40bcbce07cc5e2d67b985e48c836d0a9079 (diff) | |
fixed security bugs with unescaped input to the shell
Diffstat (limited to 'src/lib/Server/Plugins/SSHbase.py')
-rw-r--r-- | src/lib/Server/Plugins/SSHbase.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py
index b15275815..8cc4ef6f7 100644
--- a/src/lib/Server/Plugins/SSHbase.py
+++ b/src/lib/Server/Plugins/SSHbase.py
@@ -169,8 +169,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
 self.ipcache[client] = (ipaddr, client)
 return (ipaddr, client)
 except socket.gaierror:
- cmd = "getent hosts %s" % client
- ipaddr = Popen(cmd, shell=True, \
+ ipaddr = Popen(["getent", "hosts", client],
 stdout=PIPE).stdout.read().strip().split()
 if ipaddr:
 self.ipcache[client] = (ipaddr, client) |
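Review bot: A `client` value beginning with `-` is still parsed by getent as an option in the new `Popen([...])` call under `except socket.gaierror:`, because the argv form removes only the shell interpretation. If `client` can originate from an untrusted request (not visible in this hunk), validate it as a host name before the lookup or end option parsing where getent accepts it, e.g. `Popen(["getent", "hosts", "--", client], stdout=PIPE)`. The call also reads `.stdout` without waiting on the child, so the process is not reaped and its exit status is ignored; `Popen(...).communicate()[0].strip().split()` would cover both. `split()` leaves `ipaddr` as a list that is then cached as-is, whereas the branch above presumably caches a single address string, so that is worth confirming. The enclosing method starts and ends outside the hunk.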