[docs] os.popen & os.system lack shell-related security warnings (issue 21557)

demianbrecht at gmail.com demianbrecht at gmail.com
Mon Dec 1 23:46:04 CET 2014


http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst
File Doc/library/os.rst (right):

http://bugs.python.org/review/21557/diff/13339/Doc/library/os.rst#newcode2905
Doc/library/os.rst:2905: .. warning::
This warning is a little confusing to me. If input sanitization is the
issue (which is a perfectly valid concern), why not explain the issue
and how to plug the hole rather than discouraging its use altogether?

As is, this reads a little strange to me given you're discouraging the
use due to a specific case and then in the next paragraph explaining how
to fix it. I'd rather just see an explanation of the possible security
hole and how to account for it to make the usage here safe.

http://bugs.python.org/review/21557/
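
The hole discussed in this review and one way to account for it, as an added example that is not part of the original message or of the patch under review. It assumes a POSIX system with `sh` and `printf`; the function names and the sample value are constructed for illustration.

```python
import os
import shlex
import subprocess

# Constructed sample: a "filename" from an untrusted source that carries
# a shell metacharacter followed by a second, harmless command.
UNTRUSTED = "report.txt; echo INJECTED"


def via_shell_unquoted(value):
    # os.popen hands the whole string to /bin/sh, so ';' ends the first
    # command and the rest of the value runs as a second one.
    with os.popen("printf '%s\\n' " + value) as pipe:
        return pipe.read().splitlines()


def via_shell_quoted(value):
    # shlex.quote wraps the value so the shell sees exactly one word.
    with os.popen("printf '%s\\n' " + shlex.quote(value)) as pipe:
        return pipe.read().splitlines()


def without_shell(value):
    # An argument list goes to the program directly; no shell parses it.
    done = subprocess.run(["printf", "%s\\n", value],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    print("unquoted:", via_shell_unquoted(UNTRUSTED))
    print("quoted:  ", via_shell_quoted(UNTRUSTED))
    print("no shell:", without_shell(UNTRUSTED))
```
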

