So I have a Raspberry Pi unit that is set up to check a Gmail account and if new mail appears, it reads it out loud via Festival.
I interact with Festival via a crude 'echo "' + str(message) + '" | festival --tts' call, where message is the content of an incoming email.
I am guessing that somebody could send something nasty in that message and destroy the computer and I am wondering if there is a good way to clean the message and make the process more safe in general.
I can validate email addresses but, even within validated emails, I want to have any checks I can in place.
Is there a reason you have to use the shell to invoke festival?
If not, just stay within Python and use a lib (e.g. pyfestival) for that, as this is probably simpler and you don't have the risk of someone injecting shell code into the message.
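Update: As you want to call it via a separate process, try something like this (not tested yet though):

    from subprocess import Popen, PIPE

    # Argument list and no shell: the message only ever travels as data on stdin
    p = Popen(['festival', '--tts'], stdin=PIPE)
    # On Python 3 a binary pipe needs bytes, so encode the text first
    p.communicate(input=str(message).encode('utf-8'))
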
The above is a customized version of that question's answer
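
The difference between the question's shell pipeline and the answer's stdin approach, as an added example that is not part of the original posts. `clean_for_speech`, `MAX_CHARS`, the constructed `SAMPLE` message and the use of `cat` as a stand-in for festival are assumptions made so the behaviour can be observed as text without a speech engine.

```python
import subprocess
import unicodedata

MAX_CHARS = 2000  # assumed cap so one huge email cannot occupy the speaker

# Constructed sample: harmless command substitutions plus a BEL control byte.
SAMPLE = "Hello $(echo INJECTED) `echo TOO`\x07 world"


def clean_for_speech(message, limit=MAX_CHARS):
    """Turn whitespace into single spaces, drop control/format chars, cap length."""
    kept = []
    for ch in str(message):
        if ch.isspace():
            kept.append(" ")
        elif unicodedata.category(ch)[0] != "C":  # Cc, Cf, Cs, Co, Cn
            kept.append(ch)
    return " ".join("".join(kept).split())[:limit]


def speak_via_shell(message, tts_cmd="festival --tts"):
    """The question's pattern: the message becomes part of a shell command."""
    cmd = 'echo "' + str(message) + '" | ' + tts_cmd
    done = subprocess.run(cmd, shell=True, capture_output=True)
    return done.stdout.decode("utf-8", "replace")


def speak_via_stdin(message, tts_argv=("festival", "--tts")):
    """The answer's pattern: argv list, no shell, message only on stdin."""
    data = clean_for_speech(message).encode("utf-8")
    done = subprocess.run(list(tts_argv), input=data,
                          capture_output=True, check=True)
    return done.stdout.decode("utf-8", "replace")


if __name__ == "__main__":
    # `cat` stands in for festival so the difference is visible as text.
    print(repr(speak_via_shell(SAMPLE, "cat")))     # substitutions were executed
    print(repr(speak_via_stdin(SAMPLE, ("cat",))))  # text arrives literally
```

With the shell version the substitutions in the message are evaluated before anything reaches the speech command; with the argument-list version the same characters arrive unchanged as text to be read aloud.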