
Author ncoghlan
Recipients docs@python, eric.araujo, ezio.melotti, flox, ncoghlan, python-dev, rhettinger
Date 2011-10-27.07:30:56
Message-id <1319700657.32.0.0489285752463.issue13237@psf.upfronthosting.co.za>
Content
We can only protect people from themselves so much - "shell=True" is invaluable when you actually want to invoke the shell, and the shell has much better tools for process invocation and pipeline processing than Python does (since shells are, in effect, domain specific languages dedicated to those tasks).

If someone is blindly copying and pasting code from the internet, then shell injection attacks are likely to be the *least* of the security problems in anything they're building.

The point of the examples is to demonstrate the return code handling and using the shell is the easiest way to do that. I'll add a note to the docstrings to be aware of the security issues with the parameter, though.

As far as the keyword arguments go, no, I can't just drop the bare '*' from the abbreviated signature, because that would be making claims about the signature that are just plain *wrong* (there are other positional arguments that appear before 'stdin'). I'll add a note explaining that point somewhere in the 2.7 version, though.
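The contrast the message draws, as an added example that is not code from this thread or from the CPython docs: the return-code handling the docstring examples illustrate, done with an argument list so that untrusted text is never parsed by the shell, next to the shell=True form with shlex.quote for the case where the shell is actually wanted. The child program is the running interpreter itself and the "untrusted" value is constructed; the shell forms assume a POSIX sh.

```python
"""Added example (not from bpo-13237 or the subprocess docs): return-code
handling with and without the shell, and why shell=True needs quoting."""
import shlex
import subprocess
import sys

# Stand-in for any external tool: a child that prints its first argument.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Constructed untrusted input: a filename-like string with shell metacharacters.
UNTRUSTED = "data.txt; echo INJECTED"


def run_literal(value: str) -> str:
    """shell=False: argv goes to execve() untouched, so ';' is just data."""
    out = subprocess.run(ECHO_ARGV + [value], capture_output=True,
                         text=True, check=True)
    return out.stdout.rstrip("\n")


def run_shell_unquoted(value: str) -> str:
    """The 'before' form: the value is spliced into a string that sh parses,
    so ';' ends the command and 'echo INJECTED' runs as a second one."""
    cmd = " ".join(shlex.quote(a) for a in ECHO_ARGV) + " " + value
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.rstrip("\n")


def run_shell_quoted(value: str) -> str:
    """shell=True when the shell is wanted: quote every untrusted piece (POSIX)."""
    cmd = " ".join(shlex.quote(a) for a in ECHO_ARGV + [value])
    out = subprocess.run(cmd, shell=True, capture_output=True,
                         text=True, check=True)
    return out.stdout.rstrip("\n")


def exit_status(code: int) -> int:
    """Return-code handling without a shell: check=True raises on non-zero,
    and CalledProcessError carries the child's exit status."""
    child = [sys.executable, "-c", f"raise SystemExit({int(code)})"]
    try:
        subprocess.run(child, check=True)
    except subprocess.CalledProcessError as exc:
        return exc.returncode
    return 0
```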
History
Date                 User      Action   Args
2011-10-27 07:30:57  ncoghlan  set      recipients: + ncoghlan, rhettinger, ezio.melotti, eric.araujo, flox, docs@python, python-dev
2011-10-27 07:30:57  ncoghlan  set      messageid: <1319700657.32.0.0489285752463.issue13237@psf.upfronthosting.co.za>
2011-10-27 07:30:56  ncoghlan  link     issue13237 messages
2011-10-27 07:30:56  ncoghlan  create