[Python-ideas] shutil.runret and shutil.runout
mwm at mired.org
Sun Feb 26 16:26:27 CET 2012
On Sun, 26 Feb 2012 21:46:33 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
> On Sun, Feb 26, 2012 at 6:53 PM, Eli Bendersky <eliben at gmail.com> wrote:
> > The Chef/Puppet/Fabric example is a good one to support this point - Ruby,
> > like Python is also more a dev language than a sysadmin language, and yet
> > Chef & Puppet are written in Ruby and not Perl.
> For the key operation I'm talking about here, though, Ruby works the
> same way Perl does: it supports shell command execution via backtick
> quoted strings with implicit string interpolation.
Does Ruby also have something like Perl's -t/-T options and
> Is it really that hard to admit that there are some tasks that other
> languages are currently just plain better for than Python, and perhaps
> we can learn something useful from that?
The key word is "perhaps". There are some things other languages are
better at than Python, and Python is the better off for it. I think
that "supporting code injection attacks" is one such feature.
> (And no, I'm not suggesting
> we adopt backtick command execution or implicit string interpolation.
> A convenience API that combines shell invocation, explicit string
> interpolation and whitespace and shell metacharacter quoting, though,
> *that* I support).
I'm only willing to support it if it's at least as safe as
Perl. Meaning that either 1) It doesn't really invoke the shell, but
provides those features explicitly, or 2) it throws errors if
passed tainted strings.
On the other hand, my support (or lack of it) isn't worth very much.
Mike Meyer <mwm at mired.org> http://www.mired.org/
Independent Software developer/SCM consultant, email for more information.
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
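
Added example (not part of the original message, and not the API proposed in this thread): the difference between raw interpolation into a shell string, interpolation with quoting, and option 1 above, where no shell is invoked at all. The function names, the `echo {0}` template and the hostile value are constructed for illustration; a POSIX `sh` and `echo` are assumed.

```python
import shlex
import subprocess

# Constructed hostile input: a "filename" carrying a shell metacharacter.
HOSTILE = "notes.txt; echo INJECTED"


def _stdout(cmd, shell):
    return subprocess.run(cmd, shell=shell, capture_output=True, text=True).stdout


def naive_shell(template, *args):
    """Backtick-style behaviour: values are pasted into the shell string raw."""
    return _stdout(template.format(*args), shell=True)


def quoted_shell(template, *args):
    """The shell still runs, but each interpolated value is quoted first."""
    quoted = [shlex.quote(str(a)) for a in args]
    return _stdout(template.format(*quoted), shell=True)


def no_shell(template, *args):
    """No shell: split the template into words once, then fill placeholders.

    Each value stays inside the argv element that held its placeholder, so it
    cannot become a new word, operator or command.
    """
    argv = [word.format(*args) for word in shlex.split(template)]
    return _stdout(argv, shell=False)


if __name__ == "__main__":
    for run in (naive_shell, quoted_shell, no_shell):
        print(f"{run.__name__:13} -> {run('echo {0}', HOSTILE)!r}")
```

Only the first function lets the value after the semicolon run as a second command; the other two pass the whole string to `echo` as a single argument.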