[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash as a static lib in my application
|
From: |
Eli Schwartz |
|
Subject: |
Re: Bash as a static lib in my application |
|
Date: |
Thu, 18 Jun 2020 09:49:58 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 |
On 6/18/20 6:52 AM, Praneeth Tss wrote:
> Hi,
> Need some advice on my approach. So, my motive was to develop an
> application which has a console on a web page and execute shell commands
> from the browser. I have sorted out all the communication between the
> browser and the user machine.
>
> These are the approaches I have taken once my c++ application receives the
> command from browser
> i) Use forkpty and fork a child process of bash of an existing terminal
> instance and pipe in commands and take out the stdout.
> ii.) Build a static library out of bash and use it in my application.
> Execute the command and get the output from the bash lib's code.
>
> I don't want to go with the first approach due to security reasons. So, I
> need some advice if the second approach is feasible or if there are any
> issues that I can get into with the second approach. Any help would be
> appreciated.
You're allowing users to run arbitrary shell commands. Why is doing that
using a fork+exec more of a security concern than allowing the arbitrary
shell commands in the first place?
--
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature