[Labs-l] Conversion issues
Marc A. Pelletier
marc at uberbox.org
Mon Sep 2 00:14:26 UTC 2013
On 09/01/2013 04:08 PM, John wrote:
> result = popen(u'whois -h whois.cymru.com <http://whois.cymru.com> " -v
> -f %s"' % IP).read()
> should give the whois results however I am getting a zero size response
> when run from the web, however when ran from term it works fine......
You are relying on the PATH variable for your executable which is, IIRC,
set to only /bin by apache. Invoking /usr/bin/whois explicitly will
remove that dependency and be considerably more secure to boot (there is
no risk that a path be injected into your script and make it execute the
wrong binary).
-- Marc
More information about the Labs-l
mailing list