[New-bugs-announce] [issue22637] avoid using a shell in uuid: replce os.popen with subprocess.Popen
STINNER Victor
report at bugs.python.org
Wed Oct 15 00:35:37 CEST 2014
New submission from STINNER Victor:
Attached patch modifies the uuid module to not use a shell: it replaces os.popen() with subprocess.Popen on UNIX.
Running a shell is slower and is more vulnerable to code injection.
I only modified code path on UNIX right now. They is still a call to os.popen() on Windows.
Note: The patch works on bytes string instead of Unicode.
----------
files: uuid_popen.patch
keywords: patch
messages: 229364
nosy: haypo
priority: normal
severity: normal
status: open
title: avoid using a shell in uuid: replce os.popen with subprocess.Popen
type: enhancement
versions: Python 3.5
Added file: http://bugs.python.org/file36924/uuid_popen.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22637>
_______________________________________
More information about the New-bugs-announce
mailing list