[Python-Dev] Re: Two patches for the new subprocess module
nick at craig-wood.com
Wed Nov 24 10:55:37 CET 2004
On Tue, Nov 23, 2004 at 12:47:37PM -0800, Russell E. Owen wrote:
> In article <20041123150846.GA22827 at craig-wood.com>,
> Nick Craig-Wood <nick at craig-wood.com> wrote:
> > I have submitted two patches for the subprocess module against cvs
> > HEAD. The first notifies the user of a common mistake...
> > subprocess has a very easy to mistake error in it - forgetting to pass
> > the command as a list.... with the patch...
> > >>> subprocess.call("ls", "-l")
> > Traceback (most recent call last):
> > File "<stdin>", line 1, in ?
> > File "subprocess.py", line 428, in call
> > return Popen(*args, **kwargs).wait()
> > File "subprocess.py", line 508, in __init__
> > raise TypeError("bufsize must be an integer - "
> > TypeError: bufsize must be an integer - did you forget to pass your arguments
> > in a list?
> I hope you didn't totally eliminate the ability for Popen and call to
> accept args as a string? It is a useful feature and one I've been using.
No, you can still pass *ONE* string as an arg, and that works fine.
If you attempt to pass two (not in a list) it raises an exception as
If you pass two arguments to Popen() or call() the second actually
sets the buffer size...
> If you have broken this, please consider some alternative to your patch.
> Perhaps changing the default for shell to True if args is a string,
> False if a list would suffice? I'm not sure this is really the right
> thing to do on all platforms, but it'd be an easy fix (use shell=None in
> the argument list and then convert it to True or False as needed).
That is a really bad idea IMHO! Its exactly what perl does in its
system() built in function, and it is a huge source of security holes
in perl scripts.
Eg programmer writes system("prog"). Then realises that prog needs an
argument so writes system("prog $arg"). This is now a potential
security problem if $arg was supplied by a user, because this will be
interpreted by the shell. Say the user makes $arg="blah ; rm -rf *"
then you are in trouble. If you are thinking about security you'd
write system("prog", $arg), but the only way this error is caught in
perl is with code review.
Back to python - the subprocess module doesn't have this problem.
subprocess.call("prog "+arg) won't actually work because it won't find
the binary called "prog "+arg. It will just throw an exception at
that point - a very definite clue to the programmer that there is a
>>> subprocess.call("ls -l")
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "subprocess.py", line 447, in call
return Popen(*args, **kwargs).wait()
File "subprocess.py", line 592, in __init__
File "subprocess.py", line 1024, in _execute_child
OSError: [Errno 2] No such file or directory
Having to write
subprocess.call("prog "+arg, shell=True)
at least should give the programmer pause for thought, and hopefully
the shorter and better
would come to mind.
Nick Craig-Wood <nick at craig-wood.com> -- http://www.craig-wood.com/nick
More information about the Python-Dev