Comment 3 for bug 180209

Revision history for this message
Sabin Iacob (iacobs) wrote :

quotes aren't the only problem, the "!" character, for instance, is used for history expansion by bash, and when improperly quoted results in an error message; in my case the sysadmin decided to use an automatically generated string as a passphrase, and it contained '!' and '"', and the generated psk was always None. Also, a correctly crafted passphrase allows the user to run anything with root privileges, so something like this:

escape_re = re.compile('(?=[^a-zA-Z0-9_.\/\-\x7F-\xFF])')

def shell_escape(data):
    return escape_re.sub('\\\\', data)

in could be a good idea.