* Richard Stallman:

> How, in Python, can I execute a string as a shell command?

This is often an extremely bad idea because it results in shell
command injection vulnerabilities.  Instead of os.system(), use the
subprocess module, which keeps the argument list separate and does not
involve the shell (except when you specify the shell=True argument):

  <https://docs.python.org/2/library/subprocess.html>

You still need to take care of separating options and user-supplied
non-option arguments.  With GNU getopt, the "--" separator does the
trick.
_______________________________________________
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss
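
Added example, not part of the original message: the two points from the reply above (an argument list with no shell, and "--" before user-supplied non-option arguments) applied to `ls`. The function names and the file names are constructed for illustration, and the example assumes an `ls` on PATH that follows the "--" convention.

```python
import os
import subprocess
import tempfile

# Constructed hostile-looking inputs: two look like options, one carries
# shell metacharacters that os.system() would hand to /bin/sh.
CONSTRUCTED_NAMES = ["--version", "-l", "report.txt; touch INJECTED"]


def list_path(user_path, cwd):
    """Run `ls -d -- <user_path>` with no shell; return (returncode, stdout)."""
    # Each list element becomes exactly one argv entry, so ';' and spaces
    # are plain bytes of the file name. "--" ends option parsing, so a
    # name starting with '-' is treated as an operand, not as a flag.
    argv = ["ls", "-d", "--", user_path]
    env = {"PATH": os.environ.get("PATH", os.defpath), "LC_ALL": "C"}
    proc = subprocess.run(argv, cwd=cwd, env=env,
                          capture_output=True, text=True, check=False)
    return proc.returncode, proc.stdout.strip()


def demo():
    """Create the constructed files in a temp dir and list each one."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name in CONSTRUCTED_NAMES:
            open(os.path.join(d, name), "w").close()
            results[name] = list_path(name, d)
        # If a shell had interpreted the third name, this file would exist.
        results["marker_created"] = os.path.exists(os.path.join(d, "INJECTED"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```
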
