
Elegant system calls in haskell

I'm making a web-site where users can log in using the kerberos service. Though, it's quite irrelevant for my problem.

Since I'm using kerberos I want to use a system call to invoke kinit, but I don't know the best way to do it.

So far I got:

module Kerberos where

import System.Exit (ExitCode(..))
import System.Process (system)  -- system :: String -> IO ExitCode

type Username = String
type Password = String

kerberosValidate :: Username -> Password -> IO Bool
kerberosValidate username password = fmap (== ExitSuccess) $ 
  system $ "echo " ++ password ++ " | kinit " ++ username 

Something like that, which should work so-so. I have three problems with this though.

  • There is no escaping of the username and password strings. This is important since there is a website passing any received input to this function.
  • Ideally password should not be passed to kinit process with echo password |. Is there some function taking standard in as an argument?
  • Similarly for username, username should be passed as an argument. I think rawSystem solves this though.

Is there any system-function that helps me out here?

Tarrasch asked Jun 12 '11 18:06


1 Answer

Use createProcess and friends from System.Process.


A note on security: I'd advise against passing any strings through uninterpreted. You could easily write a parser for your commands, build a Haskell AST out of the result of the parse that is guaranteed to be safe, then render that to the system command. That way you'd get a static guarantee against string injection attacks, enforced by the type of the parser.

Don Stewart answered Oct 02 '22 09:10
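
One way to apply the answer's advice, as an added example that is not part of the original question or answer: the username goes through a validating smart constructor, kinit is started without a shell, and the password is fed on standard input with readProcessWithExitCode (one of the helpers built on createProcess). Assumptions: kinit reads the password from stdin as in the question's pipeline, and the Principal type, mkPrincipal and its character policy are hypothetical names and rules chosen for illustration.

```haskell
import Control.Exception (IOException, try)
import Data.Char (isAlphaNum, isAscii)
import System.Exit (ExitCode (..))
import System.Process (readProcessWithExitCode)

-- | A username that has passed validation. In a real module the constructor
-- would not be exported, so mkPrincipal is the only way to build one.
newtype Principal = Principal String

-- | Assumed policy (not from the original post): at most 64 characters,
-- ASCII letters and digits, plus '.', '_' and '-' after the first character.
-- Rejecting a leading '-' keeps kinit from parsing the name as an option.
mkPrincipal :: String -> Maybe Principal
mkPrincipal s@(c : cs)
  | length s <= 64, ok c, all (\x -> ok x || x `elem` "._-") cs = Just (Principal s)
  where
    ok x = isAscii x && isAlphaNum x
mkPrincipal _ = Nothing

-- | Run kinit directly (no shell), with the username as a single argv entry
-- and the password written to the child's stdin. The password never appears
-- in a command string or in the process argument list.
kerberosValidate :: Principal -> String -> IO Bool
kerberosValidate (Principal user) password
  -- Only the first line would be read as the password, so reject
  -- embedded line breaks and NUL instead of silently truncating.
  | any (`elem` "\r\n\0") password = return False
  | otherwise = do
      r <- try (readProcessWithExitCode "kinit" [user] (password ++ "\n"))
             :: IO (Either IOException (ExitCode, String, String))
      return $ case r of
        Left _ -> False -- kinit missing or could not be started
        Right (code, _out, _err) -> code == ExitSuccess

-- Constructed sample inputs: show which usernames the validator accepts.
main :: IO ()
main = mapM_ report ["alice", "-x", "alice; id", ""]
  where
    report u =
      putStrLn (show u ++ " -> " ++ maybe "rejected" (const "accepted") (mkPrincipal u))
```

Because kerberosValidate only accepts a Principal, the compiler rejects any call site that passes a raw request string as the username.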