On Thu, Jul 01, 2021 at 02:18:06PM +0300, Kevin N. wrote:
> From what I can see postconf and postmap are called using Python's
> subprocess.Popen, like so:
>
> subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
> encoding='utf-8', shell=False)
>
> where:
> args = ['/usr/sbin/postconf', '-xh', 'virtual_alias_maps']
> and
> args = ['/usr/sbin/postmap', '-q',
> 'recipient@from-postfix-check-policy-service-call',
> 'hash:/etc/postfix/virtual_aliases']
>
> With shell=False and assuming that Python doesn't have some nasty bug in
> this area, is it safe to assume that shell command injection would not
> be possible in this case?
It appears that some care has been taken to do it right. In principle
something like this should be sufficient. You'll need to review the
code and API documentation in detail to convince yourself that there
are no loose ends.
--
Viktor.
