On Fri, 26 Sep 2014 14:56:05 +0200 Stefan Behnel <stefan...@behnel.de> wrote: > Jeremy Sanders schrieb am 26.09.2014 um 09:28: > > Antoine Pitrou wrote: > > > >> Fortunately, Python's subprocess has its `shell` argument default to > >> False. However, `os.system` invokes the shell implicitly and is > >> therefore a possible attack vector. > > > > Of course anything called by subprocess with shell=False may invoke the > > shell itself if it runs other processes. > > Ok, but does that really make it a relevant topic for python-dev?
No. I don't know why the OP posted here. (but we have all kinds of borderline discussion threads these days, and people don't seem to care when they are asked to move the discussion elsewhere, so...) Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
