Message229363
Attached patch modifies the ctypes.util module to not use a shell: it replaces os.open() with subprocess.Popen on Linux.
Running a shell is slower and is more vulnerable to code injection.
I only modified code path on Linux right now. They are still calls to os.popen() on sunos5, freebsd, openbsd and dragonfly. |
|
Date |
User |
Action |
Args |
2014-10-14 22:32:55 | vstinner | set | recipients:
+ vstinner |
2014-10-14 22:32:55 | vstinner | set | messageid: <1413325975.89.0.175884398711.issue22636@psf.upfronthosting.co.za> |
2014-10-14 22:32:55 | vstinner | link | issue22636 messages |
2014-10-14 22:32:55 | vstinner | create | |
|