Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #77395 > unrolled thread
| Started by | Earl Lapus <earl.lapus@gmail.com> |
|---|---|
| First post | 2014-09-01 14:33 +0800 |
| Last post | 2014-09-01 14:33 +0800 |
| Articles | 1 — 1 participant |
Back to article view | Back to comp.lang.python
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: subprocess module usage Earl Lapus <earl.lapus@gmail.com> - 2014-09-01 14:33 +0800
| From | Earl Lapus <earl.lapus@gmail.com> |
|---|---|
| Date | 2014-09-01 14:33 +0800 |
| Subject | Re: subprocess module usage |
| Message-ID | <mailman.13684.1409553202.18130.python-list@python.org> |
On Mon, Sep 1, 2014 at 1:39 PM, Chris Angelico <rosuav@gmail.com> wrote: > > Glad it's working! But please, don't just take my word for it and make > a black-box change to your code. When you invoke subprocesses, be sure > you understand what's going on, and when shell=True is appropriate and > when shell=False is appropriate. The docs should be fairly clear on > this. If you get this sort of thing wrong, you'll get weird errors > like this (if you're lucky), or open yourself up to shell injection > vulnerabilities (if you're not). > The command and arguments that will be passed to check_output will not depend on user input. So, the chances of malicious commands from being executed would be low (right?). What I'm really after is just to execute a specific command and 1) retrieve it's output (if any) 2) detect any error returned while executing the command. Anyway, I'll take your advise and review the documentation again. Cheers, Earl -- There are seven words in this sentence.
Back to top | Article view | comp.lang.python
csiph-web