Message 229363 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	vstinner
Date	2014-10-14.22:32:55
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1413325975.89.0.175884398711.issue22636@psf.upfronthosting.co.za>
In-reply-to

Content
Attached patch modifies the ctypes.util module to not use a shell: it replaces os.open() with subprocess.Popen on Linux. Running a shell is slower and is more vulnerable to code injection. I only modified code path on Linux right now. They are still calls to os.popen() on sunos5, freebsd, openbsd and dragonfly.

Attached patch modifies the ctypes.util module to not use a shell: it replaces os.open() with subprocess.Popen on Linux.

Running a shell is slower and is more vulnerable to code injection.

I only modified code path on Linux right now. They are still calls to os.popen() on sunos5, freebsd, openbsd and dragonfly.

History
Date	User	Action	Args
2014-10-14 22:32:55	vstinner	set	recipients: + vstinner
2014-10-14 22:32:55	vstinner	set	messageid: <1413325975.89.0.175884398711.issue22636@psf.upfronthosting.co.za>
2014-10-14 22:32:55	vstinner	link	issue22636 messages
2014-10-14 22:32:55	vstinner	create