[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
report at bugs.python.org
Thu Nov 11 23:58:37 CET 2010
Éric Araujo <merwok at netwok.org> added the comment:
Looks good to me, except the last two lines which I would reword or just remove.
I wonder how many people use shell=True merely for the convenience of passing a string instead of a list. What do you think about adding a mention of str.split and shlex.split?
type: security -> behavior
versions: -Python 2.6
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list