This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: avoid using a shell in uuid: replce os.popen with subprocess.Popen
Type: enhancement Stage:
Components: Versions: Python 3.5
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Arfrever, josh.r, python-dev, serhiy.storchaka, vstinner
Priority: normal Keywords: patch

Created on 2014-10-14 22:35 by vstinner, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
uuid_popen.patch vstinner, 2014-10-14 22:35 review
uuid_popen-2.patch vstinner, 2014-10-15 07:17 review
Messages (5)
msg229364 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2014-10-14 22:35 
Attached patch modifies the uuid module to not use a shell: it replaces os.popen() with subprocess.Popen on UNIX.

Running a shell is slower and is more vulnerable to code injection.

I only modified code path on UNIX right now. They is still a call to os.popen() on Windows.

Note: The patch works on bytes string instead of Unicode.
msg229404 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2014-10-15 07:17 
Arfrever wrote me on IRC:
> Your patch for issue #22637 has print(executable)

Ooops. Updated patch without the print.
msg229777 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2014-10-21 19:40 
Besides few nitpicks the patch LGTM.
msg229783 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-10-21 20:34 
New changeset 8ee63d0bd7b8 by Victor Stinner in branch 'default':
Issue #22637: avoid using a shell in uuid
https://hg.python.org/cpython/rev/8ee63d0bd7b8
msg230689 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-11-05 16:01 
New changeset 16d6c2443131 by Victor Stinner in branch 'default':
Issue #22793, #22637: Add missing "import os" in uuid._ifconfig_getnode()
https://hg.python.org/cpython/rev/16d6c2443131
History
Date User Action Args
2022-04-11 14:58:09adminsetgithub: 66827
2014-11-05 16:01:01python-devsetmessages: + msg230689
2014-10-22 10:15:50vstinnersetstatus: open -> closed
resolution: fixed
2014-10-21 20:34:11python-devsetnosy: + python-dev
messages: + msg229783
2014-10-21 19:40:15serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg229777
2014-10-21 19:11:14serhiy.storchakalinkissue22688 superseder
2014-10-15 07:17:20vstinnersetfiles: + uuid_popen-2.patch

messages: + msg229404
2014-10-14 23:39:39Arfreversetnosy: + Arfrever
2014-10-14 23:12:07josh.rsetnosy: + josh.r
2014-10-14 22:35:37vstinnercreate