New submission from Christoph Neuroth <christoph.neur...@googlemail.com>:
Currently, the documentation of subprocess only says "Calling the program through the shell is usually not required.". IMHO there should be a real warning (like, in its own box with a couple of big exclamation marks ;)) about the security implications of using this and detailed instructions of how to avoid it. People tend to use this functionality just because they "know how to use the shell" and its just so convenient - and by doing so they create huge security holes in their applications. ---------- assignee: georg.brandl components: Documentation messages: 99465 nosy: christoph.neuroth, georg.brandl severity: normal status: open title: subprocess.Popen documentation should contain a good warning about the security implications when using shell=True type: security versions: Python 2.6, Python 3.1 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue7950> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
