[Bug 445714] Re: [FFE] Image Store Proxy must handle compressed images

Martin Pitt martin.pitt at ubuntu.com
Thu Oct 8 09:04:38 BST 2009


Can the user or third party ever control the file name argument? Things
like

  +            status, output = commands.getstatusoutput("gunzip %s" %
localPath)

are never robust, since localPath could contain spaces, or worse,
semicolons and other shell commands. That's why Python has an excellent
subprocess module, which avoids intermediate shells, and still makes it
comfortable to capture status and stdout/err.

-- 
[FFE] Image Store Proxy must handle compressed images
https://bugs.launchpad.net/bugs/445714
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to image-store-proxy in ubuntu.



More information about the Ubuntu-server-bugs mailing list