On Tue, Dec 22, 2020 at 4:46 PM Christopher Barker <python...@gmail.com>
wrote:

> Though, yeah shelling out to an arbitrary command on the system is a bit
> scary -- does the Python stdlib currently do that anywhere?
>

Here's what I found by grepping the sources for uses of os.system and
subprocess:

* pydoc shells out to "more" on win32 and "less" or "more" elsewhere if no
pager is configured. Incidentally, on Windows it passes the docs to the
pager via a temp file, with the comment "pipes completely broken in
Windows" - is this left over from the Win9x days? Also the temp-file code
runs the pager with os.system instead of Popen, and doesn't properly quote
it.

* ctypes.util has a ton of hacky code for finding libraries, which includes
calling out to gcc, cc, ld, objdump, /sbin/ldconfig, and /usr/ccs/bin/dump
on various platforms.

* platform.architecture() calls file and ad-hoc parses its output,
except if sys.platform in ('dos', 'win32', 'win16'). On those three
platforms it seems to be totally broken, always returning the pointer size
of the current Python process no matter what executable you pass to it.

* webbrowser looks for a bunch of specific named browsers. On Windows it'll
run any of ("firefox", "firebird", "seamonkey", "mozilla", "netscape",
"opera") from the insecure search path that starts with the current
directory.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/CERIHREMGO3EUMSJPSUIDR6RVUOZQNVI/
Code of Conduct: http://python.org/psf/codeofconduct/
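
The message above lists two process-launching problems: a pager started through os.system with an unquoted temp-file name, and a program looked up on a search path that begins with the current directory. The following sketch avoids both. It is an added example, not code from the message or from the Python standard library; `resolve_trusted`, `page_text` and the sample file name are hypothetical names constructed for illustration.

```python
import os
import subprocess
import sys
import tempfile


def resolve_trusted(name, search_path=None):
    """Find `name` on the search path, skipping the current directory and
    any empty or relative entry. Returns an absolute path or None."""
    if os.path.dirname(name):
        return None  # caller must pass a bare program name
    raw = os.environ.get("PATH", os.defpath) if search_path is None else search_path
    cwd = os.path.realpath(os.getcwd())
    # Windows tries each PATHEXT suffix; POSIX uses the name as given.
    exts = os.environ.get("PATHEXT", ".EXE").split(os.pathsep) if os.name == "nt" else [""]
    for d in raw.split(os.pathsep):
        if not d or not os.path.isabs(d) or os.path.realpath(d) == cwd:
            continue  # "", ".", "bin" and the cwd itself are not trusted
        for ext in exts:
            candidate = os.path.join(d, name + ext)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                return candidate
    return None


def page_text(text, pager="less", search_path=None, stdout=None):
    """Show `text` through a pager via a temp file, without a shell.
    Falls back to plain output when no trusted pager is found."""
    exe = resolve_trusted(pager, search_path)
    if exe is None:
        sys.stdout.write(text)
        return None
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed file name: the space and ';' would need quoting
        # if this were interpolated into an os.system() command string.
        path = os.path.join(tmp, "doc page; v1.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        # An argv list is handed to the program as-is; no shell parses it.
        return subprocess.run([exe, path], stdout=stdout, check=False)


if __name__ == "__main__":
    page_text("constructed sample text\n")
```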