On 05/12/2016 12:23, Chris Angelico wrote:
> On Mon, Dec 5, 2016 at 10:42 PM, BartC <b...@freeuk.com> wrote:
>> At least Windows does it properly. It doesn't even chop the command line
>> into different parameters, making it considerably more flexible. (Unless you
>> have a program based on a C-style main(nargs,args) entry point where the C
>> runtime will do this for you.)
>
> Yes, because there's no way that you can ever get security problems
> from improperly parsing command-line arguments.

And you will never get any problems if a program expects 3 parameters
but instead gets some arbitrary number of arguments, perhaps thousands,
if one happens to be *, including some that could coincide with some
actual meaningful input that the program recognises.

> That's why the
> recommended way to create a subprocess is os.system(), not the Popen
> calls that take a list of already-separated parameters. Right?

And nothing will ever go wrong with incorrectly calling Popen that
takes, if I counted them correctly, up to 14 different parameters?

BTW what does Popen() do when one argument is '*.*'? Will that get
expanded to multiple extra arguments, and at what point will it be
expanded?

(I tried to test it, but:

    import subprocess
    subprocess.Popen("python")

didn't work under Linux: 'No such file or directory'. It works under
Windows but I wanted to see what it did with a parameter *.
Another difference.)

--
Bartc
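
Added example (not part of the original post or thread): a Python sketch of the question asked above, namely what a child process receives when `*` is passed to subprocess in list form versus through a shell. It assumes a POSIX /bin/sh; the file names, including `--force`, are constructed sample data.

```python
import json
import os
import shlex
import subprocess
import sys
import tempfile

# Child program: reports the argument vector it actually received.
CHILD = "import json, sys; print(json.dumps(sys.argv[1:]))"


def child_argv(args, cwd, shell=False):
    """Run the child in cwd and return the argv it saw."""
    out = subprocess.run(args, cwd=cwd, shell=shell, check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def demo():
    """Return the child's argv for each way of passing a wildcard (POSIX)."""
    base = [sys.executable, "-c", CHILD]
    quoted = " ".join(shlex.quote(a) for a in base)
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample directory; "--force" is a file name
        # that looks like an option to whatever program receives it.
        for name in ("a.txt", "b.txt", "--force"):
            open(os.path.join(d, name), "w").close()
        return {
            # List form, no shell: nothing expands, child gets a literal "*".
            "list": child_argv(base + ["*"], d),
            # String form via /bin/sh: the shell globs before the child starts,
            # so the file named "--force" arrives as if it were an option.
            "shell": child_argv(quoted + " *", d, shell=True),
            # "./*" keeps expanded names from being read as options.
            "shell_dot": child_argv(quoted + " ./*", d, shell=True),
        }


if __name__ == "__main__":
    for how, argv in demo().items():
        print(f"{how:10} {argv}")
```

The order of the expanded names depends on the shell's locale, so compare them as a set rather than by position.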