Safe usage of popen (#6490)

Avoid shell=True security issues with Popen
2024-09-04 17:06:04 -04:00 · 2024-09-04 17:06:04 -04:00 · 662a421b05
--- a/deepspeed/utils/numa.py
+++ b/deepspeed/utils/numa.py
@ -49,8 +49,8 @@ def check_for_numactl_pkg():
        flag, lib, tool = data
        path = distutils.spawn.find_executable(pkgmgr)
        if path is not None:
-            cmd = f"{pkgmgr} {flag} {lib}"
-            result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+            cmd = [pkgmgr, flag, lib]
+            result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            if result.wait() == 0:
                found = True
            else:
--- a/op_builder/async_io.py
+++ b/op_builder/async_io.py
@ -81,8 +81,8 @@ class AsyncIOBuilder(TorchCPUOpBuilder):
            flag, lib, tool = data
            path = distutils.spawn.find_executable(pkgmgr)
            if path is not None:
-                cmd = f"{pkgmgr} {flag} {lib}"
-                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+                cmd = [pkgmgr, flag, lib]
+                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                if result.wait() == 0:
                    found = True
                else:
--- a/op_builder/builder.py
+++ b/op_builder/builder.py
@ -482,7 +482,8 @@ class OpBuilder(ABC):
            cmds = [cmd]
        valid = False
        for cmd in cmds:
-            result = subprocess.Popen(f'type {cmd}', stdout=subprocess.PIPE, shell=True)
+            safe_cmd = ["bash", "-c", f"type {cmd}"]
+            result = subprocess.Popen(safe_cmd, stdout=subprocess.PIPE)
            valid = valid or result.wait() == 0

        if not valid and len(cmds) > 1:
--- a/op_builder/npu/async_io.py
+++ b/op_builder/npu/async_io.py
@ -74,8 +74,8 @@ class AsyncIOBuilder(NPUOpBuilder):
            flag, lib, tool = data
            path = distutils.spawn.find_executable(pkgmgr)
            if path is not None:
-                cmd = f"{pkgmgr} {flag} {lib}"
-                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+                cmd = [pkgmgr, flag, lib]
+                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                if result.wait() == 0:
                    found = True
                else:
--- a/op_builder/xpu/async_io.py
+++ b/op_builder/xpu/async_io.py
@ -70,8 +70,8 @@ class AsyncIOBuilder(OpBuilder):
            flag, lib, tool = data
            path = distutils.spawn.find_executable(pkgmgr)
            if path is not None:
-                cmd = f"{pkgmgr} {flag} {lib}"
-                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+                cmd = [pkgmgr, flag, lib]
+                result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                if result.wait() == 0:
                    found = True
                else:
--- a/setup.py
+++ b/setup.py
@ -160,7 +160,8 @@ def command_exists(cmd):
        result = subprocess.Popen(f'{cmd}', stdout=subprocess.PIPE, shell=True)
        return result.wait() == 1
    else:
-        result = subprocess.Popen(f'type {cmd}', stdout=subprocess.PIPE, shell=True)
+        safe_cmd = ["bash", "-c", f"type {cmd}"]
+        result = subprocess.Popen(safe_cmd, stdout=subprocess.PIPE)
        return result.wait() == 0