python 2.7.12 on Linux behaving differently than on Windows
BartC
bc at freeuk.com
Mon Dec 5 09:11:10 EST 2016
On 05/12/2016 12:23, Chris Angelico wrote:
> On Mon, Dec 5, 2016 at 10:42 PM, BartC <bc at freeuk.com> wrote:
>> At least Windows does it properly. It doesn't even chop the command line
>> into different parameters, making it considerably more flexible. (Unless you
>> have a program based on a C-style main(nargs,args) entry point where the C
>> runtime will do this for you.)
>
> Yes, because there's no way that you can ever get security problems
> from improperly parsing command-line arguments.
And you will never get any problems if a program expects 3 parameters
but instead gets some arbitrary number of arguments, perhaps thousands,
if one happens to be *, including some that could coincide with some
actual meaningful input that the program recognises.
That's why the
> recommended way to create a subprocess is os.system(), not the Popen
> calls that take a list of already-separated parameters. Right?
And nothing will ever go wrong with incorrectly calling Popen that
takes, if I counted them correctly, up to 14 different parameters?
BTW what does Popen() do when one argument is '*.*'? Will that get
expanded to multiple extra arguments, and at what point will it be
expanded?
(I tried to test it, but:
import subprocess
subprocess.Popen("python")
didn't work under Linux: 'No such file or directory'. It works under
Windows but I wanted to see what it did with a parameter *.
Another difference.)
--
Bartc
More information about the Python-list
mailing list