[Python-ideas] shutil.runret and shutil.runout
mwm at mired.org
Fri Feb 24 14:09:31 CET 2012
On Fri, 24 Feb 2012 15:00:25 +0200
anatoly techtonik <techtonik at gmail.com> wrote:
> On Fri, Feb 24, 2012 at 2:50 PM, Masklinn <masklinn at masklinn.net> wrote:
> > On 2012-02-24, at 12:12 , anatoly techtonik wrote:
> >> 1. they require try/catch
> > No.
> Quote from the docs:
> "Run command with arguments. Wait for command to complete. If the
> return code was zero then return, otherwise raise CalledProcessError."
Quote from the docs:
subprocess.call(args, *, stdin=None, stdout=None, stderr=None, shell=False)
Run the command described by args. Wait for command to complete,
then return the returncode attribute.
No documented exceptions raised, so no need for try/catch.
> >> 2. docs still refer Popen, which IS complicated
> > True.
> >> 3. contain shell FUD
> > No, they contain warnings, against shell injection security
> > risks. Warnings are not FUD, it's not trying to sell some sort
> > of alternative it's just warning that `shell=True` is dangerous
> > on untrusted input.
> Warnings would be o.k. if they provided at least some guidelines where
> shell=True can be useful and where do you need to use Popen (or
> escaping). Without positive examples, and a little research to show
> attack vectors (so that users can analyse if they are applicable in
> their specific case) it is FUD IMO.
You mean something like (quoting from the docs):
Executing shell commands that incorporate unsanitized input from
an untrusted source makes a program vulnerable to shell injection,
a serious security flaw which can result in arbitrary command
execution. For this reason, the use of shell=True is strongly
discouraged in cases where the command string is constructed from
Mike Meyer <mwm at mired.org> http://www.mired.org/
Independent Software developer/SCM consultant, email for more information.
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
More information about the Python-ideas