[issue10197] subprocess.getoutput fails on win32
STINNER Victor
report at bugs.python.org
Fri Dec 3 13:35:36 CET 2010
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
-def getstatusoutput(cmd):
+def getstatusoutput(cmd, shell=True):
shell=True is dangerous, it can lead to shell command injection. I would prefer to set its default value to False. The function already exists in Python 3.1, but it is not used in Python source code. Is it too late to fix its API to avoid security vulnerabilities?
----------
nosy: +haypo
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10197>
_______________________________________
More information about the Python-bugs-list
mailing list