New submission from STINNER Victor: Attached patch modifies the uuid module to not use a shell: it replaces os.popen() with subprocess.Popen on UNIX.
Running a shell is slower and is more vulnerable to code injection. I only modified code path on UNIX right now. They is still a call to os.popen() on Windows. Note: The patch works on bytes string instead of Unicode. ---------- files: uuid_popen.patch keywords: patch messages: 229364 nosy: haypo priority: normal severity: normal status: open title: avoid using a shell in uuid: replce os.popen with subprocess.Popen type: enhancement versions: Python 3.5 Added file: http://bugs.python.org/file36924/uuid_popen.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue22637> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
