python 2.7.12 on Linux behaving differently than on Windows

BartC bc at freeuk.com
Mon Dec 5 09:11:10 EST 2016


On 05/12/2016 12:23, Chris Angelico wrote:
> On Mon, Dec 5, 2016 at 10:42 PM, BartC <bc at freeuk.com> wrote:
>> At least Windows does it properly. It doesn't even chop the command line
>> into different parameters, making it considerably more flexible. (Unless you
>> have a program based on a C-style main(nargs,args) entry point where the C
>> runtime will do this for you.)
>
> Yes, because there's no way that you can ever get security problems
> from improperly parsing command-line arguments.

And you will never get any problems if a program expects 3 parameters 
but instead gets some arbitrary number of arguments, perhaps thousands, 
if one happens to be *, including some that could coincide with some 
actual meaningful input that the program recognises.

  That's why the
> recommended way to create a subprocess is os.system(), not the Popen
> calls that take a list of already-separated parameters. Right?

And nothing will ever go wrong with incorrectly calling Popen that 
takes, if I counted them correctly, up to 14 different parameters?

BTW what does Popen() do when one argument is '*.*'? Will that get 
expanded to multiple extra arguments, and at what point will it be 
expanded?

(I tried to test it, but:

   import subprocess
   subprocess.Popen("python")

didn't work under Linux: 'No such file or directory'. It works under 
Windows but I wanted to see what it did with a parameter *.

Another difference.)

-- 
Bartc


More information about the Python-list mailing list