please unsubscribe
On Sun, Mar 10, 2013 at 7:27 PM, <[email protected]> wrote: > Send Tutor mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://mail.python.org/mailman/listinfo/tutor > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Tutor digest..." > > > Today's Topics: > > 1. Re: python on ipad (Sven) > 2. Re: python on ipad (Fernando Salamero) > 3. Re: python on ipad (William Ray Wing) > 4. Re: subprocess module: when to _NOT_ use shell=True (eryksun) > 5. Re: subprocess module: when to _NOT_ use shell=True (Eike Welk) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 10 Mar 2013 22:18:25 +0000 > From: Sven <[email protected]> > To: Benjamin Fishbein <[email protected]> > Cc: *tutor python <[email protected]> > Subject: Re: [Tutor] python on ipad > Message-ID: > <CAEH=cXUJdkMPfEz2PXtA8bAVKuMAhX2V_ajFNhj7y0amNR= > [email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > On 10 March 2013 21:42, Benjamin Fishbein <[email protected]> wrote: > > > Hello. I wrote some python programs for my small business that I run on > my > > computer...macbook air. I'm planning to backpack around Mexico and > perhaps > > south america. I'll still be working though. Basically my computer does > all > > the work, I just need to have internet connections and run the programs, > > and periodically click here and there. > > I don't want to take my macbook with me because I'd have anxiety that > it'd > > get stolen and I wouldn't have any fun. > > So I'm debating if I should get a cheap computer for a couple hundred > > bucks and run the python scripts on it. I think this is possible because > I > > hear the code is the same whether it's mac or PC or whatever. > > Or I might take my ipad with me. Or just run it on my iphone. > > Do you know if it's possible to run python scripts on a ipad/iphone, and > > if so how to do it? > > > > > Do these scripts have GUIs or are they just CLI scripts? > > If they are CLI scripts then you can certainly run them on a jailbroken > device > http://www.rioleo.org/python-on-the-ipad.php > > or if you don't want to jailbreak http://omz-software.com/pythonista/ > > although I have no idea how featured that is. > > Hope that helps > > -- > ./Sven > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.python.org/pipermail/tutor/attachments/20130310/cde6716d/attachment-0001.html > > > > ------------------------------ > > Message: 2 > Date: Sun, 10 Mar 2013 23:52:34 +0100 > From: Fernando Salamero <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: [Tutor] python on ipad > Message-ID: <[email protected]> > Content-Type: text/plain; charset=us-ascii > > Sure. Pythonista is a must have. > > > https://itunes.apple.com/es/app/pythonista/id528579881?mt=8 > > > > Date: Sun, 10 Mar 2013 16:42:59 -0500 > > From: Benjamin Fishbein <[email protected]> > > To: *tutor python <[email protected]> > > Subject: [Tutor] python on ipad > > Message-ID: <[email protected]> > > Content-Type: text/plain; charset=us-ascii > > > > Hello. I wrote some python programs for my small business that I run on > my computer...macbook air. I'm planning to backpack around Mexico and > perhaps south america. I'll still be working though. Basically my computer > does all the work, I just need to have internet connections and run the > programs, and periodically click here and there. > > I don't want to take my macbook with me because I'd have anxiety that > it'd get stolen and I wouldn't have any fun. > > So I'm debating if I should get a cheap computer for a couple hundred > bucks and run the python scripts on it. I think this is possible because I > hear the code is the same whether it's mac or PC or whatever. > > Or I might take my ipad with me. Or just run it on my iphone. > > Do you know if it's possible to run python scripts on a ipad/iphone, and > if so how to do it? > > Thanks, > > Ben > > > ------------------------------ > > Message: 3 > Date: Sun, 10 Mar 2013 19:07:32 -0400 > From: William Ray Wing <[email protected]> > To: Sven <[email protected]> > Cc: *tutor python <[email protected]>, William Ray Wing <[email protected]> > Subject: Re: [Tutor] python on ipad > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > On Mar 10, 2013, at 6:18 PM, Sven <[email protected]> wrote: > > > On 10 March 2013 21:42, Benjamin Fishbein <[email protected]> wrote: > > Hello. I wrote some python programs for my small business that I run on > my computer...macbook air. I'm planning to backpack around Mexico and > perhaps south america. I'll still be working though. Basically my computer > does all the work, I just need to have internet connections and run the > programs, and periodically click here and there. > > I don't want to take my macbook with me because I'd have anxiety that > it'd get stolen and I wouldn't have any fun. > > So I'm debating if I should get a cheap computer for a couple hundred > bucks and run the python scripts on it. I think this is possible because I > hear the code is the same whether it's mac or PC or whatever. > > Or I might take my ipad with me. Or just run it on my iphone. > > Do you know if it's possible to run python scripts on a ipad/iphone, and > if so how to do it? > > > > > > Do these scripts have GUIs or are they just CLI scripts? > > > > If they are CLI scripts then you can certainly run them on a jailbroken > device > > http://www.rioleo.org/python-on-the-ipad.php > > > > or if you don't want to jailbreak http://omz-software.com/pythonista/ > > > > although I have no idea how featured that is. > > > > I have Pythonista on my iPad, and it seems to be a pretty complete > implementation of Python and the standard libraries. It doesn't have > Tkinter or ttk, but does have a "scene" library that supports GUI > interfaces and games. It has a fairly active discussion forum and if you > Google Pythonista you will get hits to several reviews - all positive. At > $6.95, it would be worth checking out. > > Bill > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.python.org/pipermail/tutor/attachments/20130310/1ebffe26/attachment-0001.html > > > > ------------------------------ > > Message: 4 > Date: Sun, 10 Mar 2013 19:15:01 -0400 > From: eryksun <[email protected]> > To: [email protected] > Cc: [email protected] > Subject: Re: [Tutor] subprocess module: when to _NOT_ use shell=True > Message-ID: > <CACL+1asTKotyZ=ZLgnZXvLGY4t6TiJAhH-Rmmv7rUCS0r= > [email protected]> > Content-Type: text/plain; charset=UTF-8 > > On Sun, Mar 10, 2013 at 12:56 PM, <[email protected]> wrote: > > I've not found anywhere a clear explanation of when not to > > set shell=True. If the command line must be interpreted by > > the shell then clearly this must be set. So the question > > that comes up is why not set it always? > > Using the shell can be a security risk for untrusted commands, as > described in the 3.3 docs for shlex.quote: > > http://docs.python.org/3/library/shlex#shlex.quote > > > I came up with the following script that indicates that > > the shell looks at only the first string in the array if > > the first parameter is an array rather than a string. > > Switching between cmd being a string vs an array and shell > > being set or not set gives 4 possibilities. > > > > cmd = ["ls", "-l"] > > # cmd = "ls -l" > > On a POSIX system, when you use an ags string instead of a list with > Popen, it just adds the string to a list, which varies depending on > the "shell" argument. > > Starting a new process using fork/exec hasn't fundamentally changed > since the early Unix systems in the 1970s. A child process is forked > and executes a new process image, with the given arguments in an array > of pointers to strings. Popen uses uses os.fork and os.execvp (or > os.execvpe if you supply an environment). > > http://docs.python.org/2/library/os#os.fork > http://docs.python.org/2/library/os#os.execvp > > http://en.wikipedia.org/wiki/Exec_%28operating_system%29 > > If shell=False, use the args list ["ls", "-l"]. Otherwise, if you use > an args string, Popen creates the list ["ls -l"], and execvp will look > for a file named "ls -l". Here's a silly example: > > >>> import os > >>> from subprocess import Popen > > >>> os.environ['PATH'] += ':.' > >>> open('ls -l', 'w').write('''\ > ... #!/bin/bash > ... echo silliness''') > >>> os.chmod('ls -l', 0700) > >>> p = Popen('ls -l') > >>> silliness > > If shell=True and the command is the string "ls -l", Popen uses the > args list ["/bin/sh", "-c", "ls -l"]. This is equivalent to running > the following: > > /bin/sh -c 'ls -l' > > This will work as expected. If you instead use the list ["ls", "-l"], > Popen uses the args list ["/bin/sh", "-c", "ls", "-l"], which is > equivalent to running the following: > > /bin/sh -c ls -l > > You can verify that the above doesn't work (the '-l' option isn't > passed to ls). Here's an example to echo the parameters: > > >>> open('tmp.sh', 'w').write(''' > ... #!/bin/bash > ... echo $0, $1, $2''') > >>> os.chmod('tmp.sh', 0700) > >>> env = {'PATH':'.'} > > >>> p = Popen('tmp.sh p1 p2', shell=True, env=env) > >>> ./tmp.sh, p1, p2 > > That worked fine, but this fails: > > >>> p = Popen(['tmp.sh','p1','p2'], shell=True, env=env) > >>> ./tmp.sh, , > > > ------------------------------ > > Message: 5 > Date: Mon, 11 Mar 2013 00:27:39 +0100 > From: Eike Welk <[email protected]> > To: [email protected] > Subject: Re: [Tutor] subprocess module: when to _NOT_ use shell=True > Message-ID: <2781446.FQqPdLVjh9@lixie> > Content-Type: text/plain; charset="us-ascii" > > On Sunday 10.03.2013 09:56:26 [email protected] wrote: > > I've not found anywhere a clear explanation of when not to set > shell=True. > > If the command line must be interpreted by the shell then clearly this > > must be set. So the question that comes up is why not set it always? > > Because ``shell=True`` is a security problem. It it is also not portable. > Someone might want to run your code on windows, which has no Bash. > > The security problem arises when the command contains any user input. The > user > could enter a bit of carefully crafted text, that tricks Bash into doing > something that you don't want. The technique is called "shell code > injection". > > The nicest example is the "Bobby tables" episode from XKCD, that covers a > similar situation with SQL injection: > > http://www.explainxkcd.com/wiki/index.php?title=327:_Exploits_of_a_Mom > > And on Wikipedia: > > http://en.wikipedia.org/wiki/Code_injection#Shell_injection > > > -- > Eike. > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Tutor maillist - [email protected] > http://mail.python.org/mailman/listinfo/tutor > > > ------------------------------ > > End of Tutor Digest, Vol 109, Issue 29 > ************************************** >
_______________________________________________ Tutor maillist - [email protected] To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
