[Python-ideas] shutil.runret and shutil.runout
Andrew McNabb
amcnabb at mcnabbs.org
Fri Feb 24 18:24:54 CET 2012
On Sat, Feb 25, 2012 at 12:11:57AM +1000, Nick Coghlan wrote:
>
> As things stand, Python is a lousy language for system administration
> tasks - the standard APIs are either *very* low level (os.system()) or
> they're written almost entirely from the point of view of an
> application programmer (subprocess). Even when I *am* the
> administrator writing automation scripts for my own use, the
> subprocess library still keeps getting in the way, telling me it isn't
> safe to access my own shell.
>
> Normally, Python is pretty good about striking a sensible balance
> between "safe defaults" and "consenting adults", but it currently
> fails badly on this particular point.
I disagree with this analysis. Python, with its fantastic subprocess
module, is the only language I really trust for system administration
tasks. Most languages provide "shell=True" as the default, making them
extremely frustrating for system administration. Every time I choose to
write a shell script instead of using Python, the lack of robustness
makes me eventually regret it (and then rewrite in Python with
subprocess).
Setting "shell=True" (or equivalent) seems really convenient in the
short term, but in the long term, scripts behave erratically and are
vulnerable to attacks. The subprocess module (with "shell=False") is a
wonderful balance between "safe defaults" and "consenting adults".
--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
More information about the Python-ideas
mailing list