Éric Araujo mer...@netwok.org added the comment:
Looks good to me, except the last two lines which I would reword or just remove.
I wonder how many people use shell=True merely for the convenience of passing a
string instead of a list. What do you think about adding a mention of
str.split
Chris Rebert pyb...@rebertia.com added the comment:
the above Note mentioned in those last two lines demonstrates shlex.split()
and correct tokenization.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
R. David Murray rdmur...@bitdance.com added the comment:
Committed (as a warning) in r86419. Thanks, Chris.
--
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
Chris Rebert pyb...@rebertia.com added the comment:
Adjusted patch per R. David's comment.
I obviously think it should be a full red warning box (that's how it is in my
patch), but my opinion clearly isn't an outside one.
Also, Ping/Bump on finally getting this applied.
--
Added
R. David Murray rdmur...@bitdance.com added the comment:
Chris, thank you for the patch, sorry I didn't acknowledge it earlier. I think
the core of the patch is good, though I will probably drop the text starting
from To safely use... when I get time to apply it. I will also add a note
Changes by Chris Rebert pyb...@rebertia.com:
Added file: http://bugs.python.org/file18209/subprocess.rst.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
___
Chris Rebert pyb...@rebertia.com added the comment:
My apologies for the extra email...
--
Added file: http://bugs.python.org/file18210/subprocess.rst.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
Changes by Chris Rebert pyb...@rebertia.com:
Removed file: http://bugs.python.org/file18209/subprocess.rst.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
___
Chris Rebert pyb...@rebertia.com added the comment:
I found some extra time. Here's an initial suggested patch against py3k head.
Disclaimer: I have no special expertise in computer security beyond having read
Secure Coding: Principles and Practices a while back.
--
keywords: +patch
Changes by Terry J. Reedy tjre...@udel.edu:
--
nosy: -tjreedy
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
___
___
Python-bugs-list mailing
R. David Murray rdmur...@bitdance.com added the comment:
Since the other bug was about a different topic and was closed as fixed, I'd
rather have this issue open. What I've done instead is merge the nosy list
from the other bug...anyone who is not interested can of course opt out of this
Chris Rebert pyb...@rebertia.com added the comment:
I'm busy with finding an apartment and taking exams for the next week-or-so,
but after that I'll try and suggest a patch. If anyone wants to have a crack at
it between now and then, don't let me stop you.
--
Christoph Neuroth christoph.neur...@googlemail.com added the comment:
You're right, that has been improved in regard to how you can do it instead.
However, I still think it lacks to mention the security risk involved - compare
this to e.g. os.tempnam(), which has a warning in a red box.
Eric Smith e...@trueblade.com added the comment:
If you want to generate some more discussion, I suggest you close this issue
and reopen the other one, since that has more people on the nosy list.
--
___
Python tracker rep...@bugs.python.org
Christoph Neuroth christoph.neur...@googlemail.com added the comment:
Good idea :)
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7950
___
New submission from Christoph Neuroth christoph.neur...@googlemail.com:
Currently, the documentation of subprocess only says Calling the program
through the shell is usually not required.. IMHO there should be a real
warning (like, in its own box with a couple of big exclamation marks ;))
Eric Smith e...@trueblade.com added the comment:
This was just discussed in issue 6760.
--
nosy: +eric.smith
resolution: - duplicate
stage: - committed/rejected
status: open - closed
superseder: - patch to subprocess docs to better explain Popen's 'args'
argument
17 matches
Mail list logo