Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #77395
| References | <CAPrJNb4_m-1sqwzUcqnHR6jTFo-Tp=a1hLgTvXrujXW5sAUkpg@mail.gmail.com> <CAPTjJmrq-azU3CvKi9FqxXNYALJu_cF-WtjTcB4YDnTectyCCA@mail.gmail.com> <CAPrJNb7Ur9sTqhWoxMWzTFCBJkLrm--rW8aq_aK36w9meYDG-A@mail.gmail.com> <CAPTjJmroWHW6TRj_TG5Dy8hUtQs5ALEZv+ygdz4hHTH43oKK1A@mail.gmail.com> |
|---|---|
| Date | 2014-09-01 14:33 +0800 |
| Subject | Re: subprocess module usage |
| From | Earl Lapus <earl.lapus@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.13684.1409553202.18130.python-list@python.org> (permalink) |
On Mon, Sep 1, 2014 at 1:39 PM, Chris Angelico <rosuav@gmail.com> wrote: > > Glad it's working! But please, don't just take my word for it and make > a black-box change to your code. When you invoke subprocesses, be sure > you understand what's going on, and when shell=True is appropriate and > when shell=False is appropriate. The docs should be fairly clear on > this. If you get this sort of thing wrong, you'll get weird errors > like this (if you're lucky), or open yourself up to shell injection > vulnerabilities (if you're not). > The command and arguments that will be passed to check_output will not depend on user input. So, the chances of malicious commands from being executed would be low (right?). What I'm really after is just to execute a specific command and 1) retrieve it's output (if any) 2) detect any error returned while executing the command. Anyway, I'll take your advise and review the documentation again. Cheers, Earl -- There are seven words in this sentence.
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: subprocess module usage Earl Lapus <earl.lapus@gmail.com> - 2014-09-01 14:33 +0800
csiph-web