This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Alexander.Pyhalov, josh.r, movement, pitrou, vstinner
Date 2019-08-21.11:06:13
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1566385573.7.0.378915129859.issue37790@roundup.psfhosted.org>
In-reply-to
Content 
This issue lacks a lot of information:

* What is your operating system (name and version)? On Linux, what is your Linux kernel version?
* Which Python version did you try?
* Which command are you running?
* Do you use a shell?
* Do you use bytes (default) or Unicode (universal_newlines=True or text=True)?
* Can you provide a minimum reproducer? I don't know how to use msg349894: cmd is not defined.

Attached 1.py uses 2 commands, appararently both use a shell:

* "find /usr/bin -type f 2>/dev/null"
* "objdump '%s'"

"objdump '%s'" is unsafe and can lead to shell injection: try to avoid the usage of a shell. Use subprocess.Popen directly, or an helper which doesn't use shell=True.
History
Date User Action Args
2019-08-21 11:06:13vstinnersetrecipients: + vstinner, pitrou, movement, Alexander.Pyhalov, josh.r
2019-08-21 11:06:13vstinnersetmessageid: <1566385573.7.0.378915129859.issue37790@roundup.psfhosted.org>
2019-08-21 11:06:13vstinnerlinkissue37790 messages
2019-08-21 11:06:13vstinnercreate