[Bug 445714] Re: [FFE] Image Store Proxy must handle compressed images

Martin Pitt martin.pitt at ubuntu.com
Thu Oct 8 09:04:38 BST 2009

Can the user or third party ever control the file name argument? Things

  +            status, output = commands.getstatusoutput("gunzip %s" %

are never robust, since localPath could contain spaces, or worse,
semicolons and other shell commands. That's why Python has an excellent
subprocess module, which avoids intermediate shells, and still makes it
comfortable to capture status and stdout/err.

[FFE] Image Store Proxy must handle compressed images
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to image-store-proxy in ubuntu.

More information about the Ubuntu-server-bugs mailing list