Merge "Security hardening: fix possible shell injection vulnerability"

2014-07-22 07:05:30 +00:00 · 2014-07-22 07:05:30 +00:00 · f4a2e9908a
parent 81e4a01818 63c606f696
commit f4a2e9908a
1 changed files with 3 additions and 3 deletions
--- a/glance/cmd/control.py
+++ b/glance/cmd/control.py
@ -129,9 +129,9 @@ def do_start(verb, pid_file, server, args):
                    pass

    def redirect_to_syslog(fds, server):
-        log_cmd = 'logger -t "%s[%d]"' % (server, os.getpid())
-        process = subprocess.Popen(log_cmd,
-                                   shell=True,
+        log_cmd = 'logger'
+        log_cmd_params = '-t "%s[%d]"' % (server, os.getpid())
+        process = subprocess.Popen([log_cmd, log_cmd_params],
                                   stdin=subprocess.PIPE)
        for desc in fds:  # pipe to logger command
            try: