This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients brian.curtin, eric.araujo, jldm, r.david.murray, vstinner
Date 2010-12-03.12:35:34
SpamBayes Score 0.007628593
Marked as misclassified No
Message-id <1291379736.12.0.603595530618.issue10197@psf.upfronthosting.co.za>
In-reply-to
Content
-def getstatusoutput(cmd):
+def getstatusoutput(cmd, shell=True):

shell=True is dangerous, it can lead to shell command injection. I would prefer to set its default value to False. The function already exists in Python 3.1, but it is not used in Python source code. Is it too late to fix its API to avoid security vulnerabilities?
History
Date User Action Args
2010-12-03 12:35:36vstinnersetrecipients: + vstinner, eric.araujo, r.david.murray, brian.curtin, jldm
2010-12-03 12:35:36vstinnersetmessageid: <1291379736.12.0.603595530618.issue10197@psf.upfronthosting.co.za>
2010-12-03 12:35:34vstinnerlinkissue10197 messages
2010-12-03 12:35:34vstinnercreate