In message <slrni297ec.1m5.grahn+n...@frailea.sa.invalid>, Jorgen Grahn wrote:
> I thought it was well-known that the solution is *not* to try to > sanitize the input -- it's to switch to an interface which doesn't > involve generating an intermediate executable. In the Python example, > that would be something like os.popen2(['zcat', '-f', '--', untrusted]). That’s what I mean. Why do people consider input sanitization so hard? -- http://mail.python.org/mailman/listinfo/python-list
