Quotation Ugliness

Tim Daneliuk tundra at tundraware.com
Wed Nov 26 16:36:47 CET 2014

On 11/26/2014 09:09 AM, Chris Angelico wrote:
> On Thu, Nov 27, 2014 at 2:07 AM, Chris Angelico <rosuav at gmail.com> wrote:
>> I was searching the ol' memory banks, trying to figure out if there
>> was some way to tell the internal 'echo' command to use slash instead
>> of dash (maybe for DOS/Windows people??), in which case that would be
>> parsed as "echo -- hello" and would indeed simply echo "hello".
> Speaking of which, it's entirely possible to have a "-sudo" parameter
> to a command (which would be "-s -u -d -o" to many programs), so
> that's another way to get a false positive.
> ChrisA

Yeah, there is no foolproof way to do this short of implementing a parser
that acts exactly as the shell itself would when parsing the command line.

The more I think about this, the more I think I am just going to look for the
string 'sudo' anywhere in the argument.  This merely will force the user to
enter their sudo password if detected.  If it turns out to be a false positive,
no harm will be done and the password will just go unused.

Thanks for the feedback.
Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

More information about the Python-list mailing list