Aahz wrote:
> In article <[EMAIL PROTECTED]>,
> John Salerno  <[EMAIL PROTECTED]> wrote:
> >
> >I understand the difference, but I'm just curious if anyone has any
> >strong feelings toward using one over the other? I was reading that a
> >disadvantage to the more general usage (i.e. env) is that it finds the
> >first python on the path, and that might not be the proper one to use. I
> >don't know if that's a real issue most of the time, but it's at least
> >something to consider.
>
> The main argument against the env method is that I've seen a fair number
> of sysadmins claim that it's less secure.  I'm not competent to judge
> that claim myself, but I prefer to play safe and stay away from env.
> --
> Aahz ([EMAIL PROTECTED])           <*>         http://www.pythoncraft.com/
>

Basically, someone could inject an arbitrary script called 'python'
into your path that does whatever (rm -fr /) under your user context
when you run the script.  But the same thing would happen if you run
'python test.py' instead of '/usr/local/bin/python test.py' to run a
script that doesn't have a she-bang or hasn't been flagged as
executable.  Some admins will use a fully-qualified path for every
command to guard against this; I think that can be overkill.

-- 
http://mail.python.org/mailman/listinfo/python-list
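
A defensive check for the PATH concern discussed in this thread, added here as an example (it is not code from any of the posters): it walks PATH in the order `env` searches it and reports the directories, at or before the first `python` hit, where another user could place a file. The names `audit_path` and `demo`, the reason strings, and the sample directories are assumptions made for illustration, and POSIX permissions are assumed.

```python
import os
import stat
import tempfile

def audit_path(path_value, name="python", uid=None):
    """Return (resolved, findings) for a PATH string, searched front to back.

    resolved is the first executable file called `name`, or None.
    findings lists (entry, reason) for risky entries searched up to that hit.
    """
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):
            # Empty and relative entries resolve against the current directory.
            findings.append((entry, "relative or empty entry"))
        directory = entry or "."
        try:
            st = os.stat(directory)
        except OSError:
            continue  # entry does not exist, nothing can be found there
        if not stat.S_ISDIR(st.st_mode):
            continue
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group- or world-writable"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, "owned by another user"))
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate, findings
    return None, findings

def demo():
    """Constructed sample: a world-writable directory listed ahead of the real one."""
    root = tempfile.mkdtemp()
    loose, safe = os.path.join(root, "loose"), os.path.join(root, "safe")
    for directory, mode in ((loose, 0o777), (safe, 0o755)):
        os.mkdir(directory)
        os.chmod(directory, mode)
    interp = os.path.join(safe, "python")
    with open(interp, "w") as fh:
        fh.write("#!/bin/sh\n")  # stand-in file, never executed
    os.chmod(interp, 0o755)
    return loose, safe, audit_path(os.pathsep.join([loose, safe]))

if __name__ == "__main__":
    resolved, findings = audit_path(os.environ.get("PATH", ""))
    print("env would run:", resolved)
    for entry, reason in findings:
        print("  risky entry searched first: %r (%s)" % (entry, reason))
```

A writable directory that comes after the resolved interpreter is not reported, because it cannot shadow the earlier hit.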
