[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True

Éric Araujo report at bugs.python.org
Thu Nov 11 23:58:37 CET 2010

Éric Araujo <merwok at netwok.org> added the comment:

Looks good to me, except the last two lines which I would reword or just remove.

I wonder how many people use shell=True merely for the convenience of passing a string instead of a list.  What do you think about adding a mention of str.split and shlex.split?

nosy: +eric.araujo
type: security -> behavior
versions:  -Python 2.6

Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list