Quotation Ugliness

Chris Angelico rosuav at gmail.com
Wed Nov 26 16:48:10 CET 2014


On Thu, Nov 27, 2014 at 2:36 AM, Tim Daneliuk <tundra at tundraware.com> wrote:
> The more I think about this, the more I think I am just going to look for
> the
> string 'sudo' anywhere in the argument.  This merely will force the user to
> enter their sudo password if detected.  If it turns out to be a false
> positive,
> no harm will be done and the password will just go unused.

That sounds reasonable; imperfect, but reasonable. But what happens if
the password "goes unused"? Will it be provided on stdin to the
program? That could be VERY bad in two ways (revealing the password,
and breaking the program's expectations).

ChrisA



More information about the Python-list mailing list