[Python-Dev] Re: subprocess - updated popen5 module
astrand at lysator.liu.se
Mon Oct 11 22:41:38 CEST 2004
On Mon, 11 Oct 2004, Jason Lunz wrote:
> > If we should remove the cmdline2list stuff, what should happen if the
> > users passes a string on UNIX? Do you prefer:
> > 1) Run through the shell (automatic shell=True).
> > or
> > 2) A ValueError raised.
> > I guess alternative 1 is most intuitive. That would line up with
> > popen2 as well.
> Use of the shell should be explicit, not automatic, because of the usual
> shell metacharacter security concerns. unix programmers used to doing
> os.system('ls -l') will quickly learn that the subprocess way of doing
> the same is subprocess.call('ls -l', shell=True). This has the added
> benifit of making it obvious exactly what's happening.
> I don't think that the only alternative to number 1) is to raise a ValueError.
> What do you think of the below patch? Just listify bare strings on unix. This
> does exactly what it should when the string actually references a binary, and
> gives a meaningful error when it doesn't. Even if the filename has strange
> characters of some kind.
I like it. I've submitted your patch (but with documentation updates as
/Peter Åstrand <astrand at lysator.liu.se>
More information about the Python-Dev