Message 146065 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ncoghlan
Recipients	alex, ncoghlan
Date	2011-10-21.06:41:57
SpamBayes Score	0.02147777
Marked as misclassified	No
Message-id	<1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>
In-reply-to

Content
Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example: shell_call check_shell_call check_shell_output That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins.

Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example:

  shell_call
  check_shell_call
  check_shell_output

That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins.

History
Date	User	Action	Args
2011-10-21 06:41:58	ncoghlan	set	recipients: + ncoghlan, alex
2011-10-21 06:41:58	ncoghlan	set	messageid: <1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>
2011-10-21 06:41:57	ncoghlan	link	issue13238 messages
2011-10-21 06:41:57	ncoghlan	create