So the reason this runs with shell = true is because it uses POSIX pipes to do redirection as part of the backup / restore command.
Is there a viable alternative which we can use that allows us to work with pipes doing the backup, and still harden the code wrt the security concern identified here?
So the reason this runs with shell = true is because it uses POSIX pipes to do redirection as part of the backup / restore command.
Is there a viable alternative which we can use that allows us to work with pipes doing the backup, and still harden the code wrt the security concern identified here?