subprocess module usage

Cameron Simpson cs at zip.com.au
Mon Sep 1 10:46:52 CEST 2014


On 01Sep2014 14:33, Earl Lapus <earl.lapus at gmail.com> wrote:
>On Mon, Sep 1, 2014 at 1:39 PM, Chris Angelico <rosuav at gmail.com> wrote:
>> Glad it's working! But please, don't just take my word for it and make
>> a black-box change to your code. When you invoke subprocesses, be sure
>> you understand what's going on, and when shell=True is appropriate and
>> when shell=False is appropriate. The docs should be fairly clear on
>> this. If you get this sort of thing wrong, you'll get weird errors
>> like this (if you're lucky), or open yourself up to shell injection
>> vulnerabilities (if you're not).
>
>The command and arguments that will be passed to check_output will not
>depend on user input. So, the chances of malicious commands from being
>executed would be low (right?).

Not really. If the arguments are coming in from the command line, someone (a 
user, even if that user is the programmer) typed them. Even if not malicious, 
they can still be mistaken. Or just unfortunate.

You should always want to do exactly what you're asked. If you misuse 
shell=True when the user is expecting shell=False (i.e. "just do what I 
said!"), then your program will not carry out the user's intent. If it does not 
fail outright, it will presumably do the _wrong_ thing.

Cheers,
Cameron Simpson <cs at zip.com.au>

Music journalism: People who can't write interviewing people who can't talk
for people who can't read.      - Frank Zappa



More information about the Python-list mailing list