[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #45398] system without shell
|
From: |
Carnë Draug |
|
Subject: |
[Octave-bug-tracker] [bug #45398] system without shell |
|
Date: |
Wed, 24 Jun 2015 19:41:13 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.7.0 |
URL:
<http://savannah.gnu.org/bugs/?45398>
Summary: system without shell
Project: GNU Octave
Submitted by: carandraug
Submitted on: Wed 24 Jun 2015 19:41:08 GMT
Category: Octave Function
Severity: 1 - Wish
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: Any
_______________________________________________________
Details:
Other than fork and exec, it is not possible to make a system while avoiding
the shell. Would be nice to have this, similar to perl's system:
@args = ("command", "arg1", "arg2");
system (@args);
and python's subprocess:
subprocess.call (["command", "arg1", "arg2"]);
The reason to avoid the shell is security. From python's own documentation
>>> from subprocess import call
>>> filename = input("What file would you like to display?\n")
What file would you like to display?
non_existent; rm -rf / #
>>> call("cat " + filename, shell=True) # Uh-oh. This will end badly...
We already have a bunch of extra options for system() so I'm proposing to
implement something like perl, and skip the shell if the first argument is a
cell array of strings. Does that sound good?
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45398>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Octave-bug-tracker] [bug #45398] system without shell,
Carnë Draug <=