Path: csiph.com!usenet.pasdenom.info!gegeweb.org!usenet-fr.net!nerim.net!novso.com!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.004
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'root': 0.05; 'subject:skip:s 10': 0.07; 'here?': 0.09; 'strings.': 0.09; 'cc:addr:python-list': 0.11; 'suggest': 0.14; '23,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'invoking': 0.16; 'readable': 0.16; 'script,': 0.16; 'skip:p 90': 0.16; 'all.': 0.16; 'wrote:': 0.18; 'seems': 0.21; '(the': 0.22; 'command': 0.22; 'feb': 0.22; 'shell': 0.22; 'cc:addr:python.org': 0.22; 'mon,': 0.24; 'cc:2**0': 0.24; 'sort': 0.25; 'header:In- Reply-To:1': 0.27; 'appear': 0.29; 'robert': 0.30; 'said,': 0.30; 'strongly': 0.30; 'message-id:@mail.gmail.com': 0.30; 'getting': 0.31; 'usually': 0.31; "user's": 0.31; 'running': 0.33; 'could': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'list': 0.37; 'easily': 0.37; 'pm,': 0.38; 'either': 0.39; 'full': 0.61; "you're": 0.61; 'needing': 0.65; 'nobody': 0.68; 'home': 0.69; '2015': 0.84; 'to:none': 0.92
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=KRqTiE60ZjKx9J9JZLTTQdt5WMFV6L/JDqxTuOJYPhM=; b=urmvW9uHg7bS1xpGZ/Ge58ZsI443OlnZQmOLAhAQJF9fGUOYDPh4SrppoGRyrkBBHN 5vR1S5BRV15KNocHs3GIdoX5Ewst8GU3LFQn9ef/nKQIfnr1/ZmF39q+Y1TIuQyUaOhm 3x6swnqmjRUAxXrf0ROW+Hdy9963nbRlvLbVsPaz+Oza63Zs9nYhAoV+4hNpKFGuucyL +DHSP+RM9U1WQSsQOkK8oWe6MYUFeFCZY56XE+xvN/bdVTPq2ikItUXeqxSs4tzM8pO2 ajOqE9ISw7tTNwpNpHPYHhL5JBd8mYSq7hqXbGAJPLTQ+wPfGG4o1GoBZiEj4WZbQwxb JGog==
MIME-Version: 1.0
X-Received: by 10.50.4.40 with SMTP id h8mr12740969igh.34.1424695361250; Mon, 23 Feb 2015 04:42:41 -0800 (PST)
In-Reply-To: <CAEMktPXksS9bVaf-BQMTe5KYOu3SxbiSCWdk78S1yP0zy9DG6Q@mail.gmail.com>
References: <CAEMktPXksS9bVaf-BQMTe5KYOu3SxbiSCWdk78S1yP0zy9DG6Q@mail.gmail.com>
Date: Mon, 23 Feb 2015 23:42:41 +1100
Subject: Re: bufsize must be an integer in subprocess.Popen
From: Chris Angelico <rosuav@gmail.com>
Cc: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.19068.1424695363.18130.python-list@python.org>
Lines: 14
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1424695363 news.xs4all.nl 2876 [2001:888:2000:d::a6]:33227
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:86213

On Mon, Feb 23, 2015 at 11:13 PM, Robert Clove <cloverobert@gmail.com> wrote:
> proc1=subprocess.Popen("/root/Desktop/abc.py","64","abc",shell=True,stdout=subprocess.PIPE,
> stderr=subprocess.PIPE)

As others have said, you need to use either a single command or a list
of strings. But why are you using shell=True here? You appear to be
invoking one single script, and not needing shell features at all.
Additionally, it seems highly likely that you're running this as root
(the /root directory is usually the root user's home dir, and is
readable by nobody else), so any sort of shell injection exploit could
easily result in an attacker getting full root access to your box. I
strongly suggest using shell=False here.

ChrisA