gnu-misc-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Python question


From: Florian Weimer
Subject: Re: Python question
Date: Thu, 10 Apr 2014 21:34:06 +0200

* Richard Stallman:

> How, in Python, can I execute a string as a shell command?

This is often an extremely bad idea because it results in shell
command injection vulnerabilities.  Instead of os.system(), use the
subprocess module, which keeps the argument list separate and does not
involve the shell (except when you specify the shell=True argument):

  <https://docs.python.org/2/library/subprocess.html>

You still need to take care of separating options and user-supplied
non-option argument.  With GNU getopt, the "--" separate does the
trick.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]