os.popen & os.system lack shell-related security warnings (issue 21557)
![](https://secure.gravatar.com/avatar/e8e6bab996ec82323d119dc21edc015f.jpg?s=120&d=mm&r=g)
Dec. 1, 2014
2:46 p.m.
http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst File Doc/library/os.rst (right): http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst#newcode290... Doc/library/os.rst:2905: .. warning:: This warning is a little confusing to me. If input sanitization is the issue (which is a perfectly valid concern), why not explain the issue and how to plug the hole rather than discouraging its use altogether? As is, this reads a little strange to me given you're discouraging the use due to a specific case and then in the next paragraph explaining how to fix it. I'd rather just see an explanation of the possible security hole and how to account for it to make the usage here safe. http://bugs.python.org/review/21557/
3703
Age (days ago)
3703
Last active (days ago)
0 comments
1 participants
participants (1)
-
demianbrecht@gmail.com