Christoph Neuroth added the comment:
As recommended by eric.smith on #7950, I'd like to suggest further extending
the documentation to include a security warning about (quite easily) possible
code injection bugs when using the shell=True parameter (similar to other
places i
Christoph Neuroth added the comment:
Good idea :)
--
status: open -> closed
___
Python tracker
<http://bugs.python.org/issue7950>
___
Christoph Neuroth added the comment:
You're right, that has been improved in regard to how you can do it instead.
However, I still think it fails to mention the security risk involved - compare
this to e.g. os.tempnam(), which has a warning in a red box.
--
status: closed -&
New submission from Christoph Neuroth:
Currently, the documentation of subprocess only says "Calling the program
through the shell is usually not required.". IMHO there should be a real
warning (like, in its own box with a couple of big exclamation marks ;)) about
the security im