avoid using a shell in uuid: replace os.popen with subprocess.Popen #66827

Closed
vstinner opened this issue Oct 14, 2014 · 5 comments
Labels
type-feature A feature request or enhancement

Comments

@vstinner
Member

BPO 22637
Nosy @vstinner, @serhiy-storchaka, @MojoVampire
Files
  • uuid_popen.patch
  • uuid_popen-2.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = None
    closed_at = <Date 2014-10-22.10:15:50.750>
    created_at = <Date 2014-10-14.22:35:37.631>
    labels = ['type-feature']
    title = 'avoid using a shell in uuid: replce os.popen with subprocess.Popen'
    updated_at = <Date 2014-11-05.16:01:01.149>
    user = 'https://github.com/vstinner'

    bugs.python.org fields:

    activity = <Date 2014-11-05.16:01:01.149>
    actor = 'python-dev'
    assignee = 'none'
    closed = True
    closed_date = <Date 2014-10-22.10:15:50.750>
    closer = 'vstinner'
    components = []
    creation = <Date 2014-10-14.22:35:37.631>
    creator = 'vstinner'
    dependencies = []
    files = ['36924', '36930']
    hgrepos = []
    issue_num = 22637
    keywords = ['patch']
    message_count = 5.0
    messages = ['229364', '229404', '229777', '229783', '230689']
    nosy_count = 5.0
    nosy_names = ['vstinner', 'Arfrever', 'python-dev', 'serhiy.storchaka', 'josh.r']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = None
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue22637'
    versions = ['Python 3.5']

    @vstinner
    Member Author

    Attached patch modifies the uuid module to not use a shell: it replaces os.popen() with subprocess.Popen on UNIX.

    Running a shell is slower and is more vulnerable to code injection.

    I only modified the code path on UNIX right now. There is still a call to os.popen() on Windows.

    Note: The patch works on bytes string instead of Unicode.

    @vstinner vstinner added the type-feature A feature request or enhancement label Oct 14, 2014
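
What the change described above buys, as an added example that is not part of the original issue or of the CPython patch: the same constructed argument is passed once through os.popen(), where a shell parses it, and once through subprocess.Popen with an argument list, where no shell is involved. The helper names and the sample value are hypothetical, and a POSIX system with `echo` on PATH is assumed.

```python
import os
import shutil
import subprocess

# Constructed sample value: a shell would split this into two commands.
UNTRUSTED = "eth0; echo SHELL-RAN-THIS"


def via_shell(arg):
    """os.popen() concatenates a command line and hands it to /bin/sh -c,
    so metacharacters in `arg` are interpreted by the shell."""
    with os.popen("echo " + arg) as pipe:
        return pipe.read()          # text (str)


def via_argv(command, *args):
    """Resolve the executable, then run it directly with an argv list.

    Hypothetical helper, not the uuid module's code. Returns the child's
    stdout as bytes, or None when the command is not installed."""
    executable = shutil.which(command)
    if executable is None:
        return None
    proc = subprocess.Popen((executable,) + args,
                            stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL)
    with proc:
        return proc.stdout.read()   # bytes, no shell parsing happened


if __name__ == "__main__":
    # Shell path: the text after ';' runs as a second command.
    print(repr(via_shell(UNTRUSTED)))
    # argv path: the whole value reaches echo as one literal argument.
    print(repr(via_argv("echo", UNTRUSTED)))
    # A missing tool is reported as None instead of a shell error message.
    print(repr(via_argv("no-such-command-for-this-example")))
```
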
    @vstinner
    Member Author

    Arfrever wrote me on IRC:

    Your patch for issue bpo-22637 has print(executable)

    Ooops. Updated patch without the print.

    @serhiy-storchaka
    Member

    Besides a few nitpicks, the patch LGTM.

    @python-dev
    Mannequin

    python-dev mannequin commented Oct 21, 2014

    New changeset 8ee63d0bd7b8 by Victor Stinner in branch 'default':
    Issue bpo-22637: avoid using a shell in uuid
    https://hg.python.org/cpython/rev/8ee63d0bd7b8

    @python-dev
    Mannequin

    python-dev mannequin commented Nov 5, 2014

    New changeset 16d6c2443131 by Victor Stinner in branch 'default':
    Issue bpo-22793, bpo-22637: Add missing "import os" in uuid._ifconfig_getnode()
    https://hg.python.org/cpython/rev/16d6c2443131

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022