On Thu, Nov 27, 2014 at 2:36 AM, Tim Daneliuk <tun...@tundraware.com> wrote: > The more I think about this, the more I think I am just going to look for > the > string 'sudo' anywhere in the argument. This merely will force the user to > enter their sudo password if detected. If it turns out to be a false > positive, > no harm will be done and the password will just go unused.
That sounds reasonable; imperfect, but reasonable. But what happens if the password "goes unused"? Will it be provided on stdin to the program? That could be VERY bad in two ways (revealing the password, and breaking the program's expectations). ChrisA -- https://mail.python.org/mailman/listinfo/python-list
