Christoph Neuroth christoph.neur...@googlemail.com added the comment:
You're right, that has been improved in regard to how you can do it instead.
However, I still think it lacks a mention of the security risk involved - compare
this to e.g. os.tempnam(), which has a warning in a red box
Christoph Neuroth christoph.neur...@googlemail.com added the comment:
Good idea :)
--
status: open -> closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
Christoph Neuroth christoph.neur...@googlemail.com added the comment:
As recommended by eric.smith on #7950, I'd like to suggest further extending
the documentation to include a security warning about (quite easily) possible
code injection bugs when using the shell=True parameter (similar
New submission from Christoph Neuroth christoph.neur...@googlemail.com:
Currently, the documentation of subprocess only says "Calling the program
through the shell is usually not required." IMHO there should be a real
warning (like, in its own box with a couple of big exclamation marks
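
The injection risk with shell=True that this thread asks the documentation to warn about, as an added example that is not part of the original tracker messages. It assumes a POSIX /bin/sh; the input string and the function names are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Child process that reports exactly which arguments it received.
SHOW_ARGS = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Constructed, harmless stand-in for input that comes from outside the program.
UNTRUSTED = "report.txt; echo INJECTED"


def run_with_shell(value):
    """Risky pattern: value is concatenated into a string that /bin/sh parses."""
    cmd = " ".join(shlex.quote(p) for p in SHOW_ARGS) + " " + value
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_with_list(value):
    """No shell involved: value reaches the child as a single argv element."""
    return subprocess.run(SHOW_ARGS + [value], capture_output=True, text=True).stdout


def run_with_shell_quoted(value):
    """If a shell cannot be avoided, quote every interpolated value."""
    cmd = " ".join(shlex.quote(p) for p in SHOW_ARGS + [value])
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # The shell splits at ';' and runs the second command as well.
    print("shell=True, unquoted:", run_with_shell(UNTRUSTED).splitlines())
    # The whole string arrives as one argument; nothing else is executed.
    print("argument list:       ", run_with_list(UNTRUSTED).splitlines())
    print("shell=True, quoted:  ", run_with_shell_quoted(UNTRUSTED).splitlines())
```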