Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #77401

Re: subprocess module usage

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!news.stack.nl!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.013
X-Spam-Evidence '*H*': 0.97; '*S*': 0.00; 'arguments': 0.09; 'subject:module': 0.09; 'typed': 0.09; 'cc:addr:python-list': 0.11; 'posted': 0.15; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'guessing': 0.16; 'programmer)': 0.16; 'simpson': 0.16; 'subject:usage': 0.16; 'wrote:': 0.18; 'command': 0.22; 'example': 0.22; 'cc:addr:python.org': 0.22; 'mon,': 0.24; 'cc:2**0': 0.24; 'header:In-Reply-To:1': 0.27; 'message- id:@mail.gmail.com': 0.30; "i'm": 0.30; 'code': 0.31; 'sep': 0.31; 'actual': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'pm,': 0.38; 'even': 0.60; 'here': 0.66; 'line,': 0.68; 'user,': 0.69; 'safe': 0.72; 'to:none': 0.92
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=srbYDf1aV+l/Za3IiqdQNV4kFfWEGLDBqQTNsfP+Wxg=; b=DDDne127NxaHNWnmMHp01/SxR1i5HivflMfW4LoR1yxBZJE2NT7UFI1anGA+sMcJub jZbTTMoJhcF6fZQTbTkGbrRGZMi5ErtKmCqQo1MmYR2ahFrxSejswbV0zfKsiuPhq3f2 CslFuBWzt7X/zsiyrsHacMSiOqoxMMlvJS1imuaWna5YWJ23btjAuog9bUea8DQkCGyO 4rewg1Nit97VTZ63CdgsSp4BLXzB2eWJ9hLlarWoA1oKYaho6pn6t/tr1E5XZTVaL6Wf NnY0FxJtfa8z9B0ptAPLFkRiHYfp8wbLQcrSJ8lcrfxUsqXUqaHa/f4CNgky+YTNt2vV Mu/w==
MIME-Version 1.0
X-Received by 10.50.176.202 with SMTP id ck10mr20112900igc.2.1409561985601; Mon, 01 Sep 2014 01:59:45 -0700 (PDT)
In-Reply-To <20140901084652.GA58412@cskk.homeip.net>
References <CAPrJNb50Q0h0hKEdaW+ka9fxe=PgShExBtW_=LndDnU8__2cAA@mail.gmail.com> <20140901084652.GA58412@cskk.homeip.net>
Date Mon, 1 Sep 2014 18:59:45 +1000
Subject Re: subprocess module usage
From Chris Angelico <rosuav@gmail.com>
Cc "python-list@python.org" <python-list@python.org>
Content-Type text/plain; charset=UTF-8
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.13687.1409561994.18130.python-list@python.org> (permalink)
Lines 10
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1409561994 news.xs4all.nl 2839 [2001:888:2000:d::a6]:47876
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:77401

Show key headers only | View raw


On Mon, Sep 1, 2014 at 6:46 PM, Cameron Simpson <cs@zip.com.au> wrote:
> Not really. If the arguments are coming in from the command line, someone (a
> user, even if that user is the programmer) typed them. Even if not
> malicious, they can still be mistaken. Or just unfortunate.

I'm guessing that what he means is that the example posted here used
sys.argv but his actual code doesn't. It's still important to
*understand* shell=True, but it can be perfectly safe to use it.

ChrisA

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread


Thread

Re: subprocess module usage Chris Angelico <rosuav@gmail.com> - 2014-09-01 18:59 +1000

csiph-web