fixed security bugs with unescaped input to the shell

author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2011-08-05 08:24:22 -0400
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2011-08-05 08:24:22 -0400
commit: f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 (patch)
tree: 9c2a8c8daf8250c0aca46761381fe53488c3f839 /src/lib/Server/Plugins/SSHbase.py
parent: ed85e40bcbce07cc5e2d67b985e48c836d0a9079 (diff)
download: bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.tar.gz
bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.tar.bz2
bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/src/lib/Server/Plugins/SSHbase.py b/src/lib/Server/Plugins/SSHbase.py
index b15275815..8cc4ef6f7 100644
--- a/src/lib/Server/Plugins/SSHbase.py
+++ b/src/lib/Server/Plugins/SSHbase.py
@@ -169,8 +169,7 @@ class SSHbase(Bcfg2.Server.Plugin.Plugin,
                 self.ipcache[client] = (ipaddr, client)
                 return (ipaddr, client)
             except socket.gaierror:
-                cmd = "getent hosts %s" % client
-                ipaddr = Popen(cmd, shell=True, \
+                ipaddr = Popen(["getent", "hosts", client],
                                stdout=PIPE).stdout.read().strip().split()
                 if ipaddr:
                     self.ipcache[client] = (ipaddr, client)
author	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2011-08-05 08:24:22 -0400
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2011-08-05 08:24:22 -0400
commit	f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7 (patch)
tree	9c2a8c8daf8250c0aca46761381fe53488c3f839 /src/lib/Server/Plugins/SSHbase.py
parent	ed85e40bcbce07cc5e2d67b985e48c836d0a9079 (diff)
download	bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.tar.gz bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.tar.bz2 bcfg2-f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7.zip