Re: Python question
From: Florian Weimer
Subject: Re: Python question
Date: Thu, 10 Apr 2014 21:34:06 +0200
* Richard Stallman:
> How, in Python, can I execute a string as a shell command?
This is often an extremely bad idea because it results in shell
command injection vulnerabilities. Instead of os.system(), use the
subprocess module, which keeps the argument list separate and does not
involve the shell (except when you specify the shell=True argument):
<https://docs.python.org/2/library/subprocess.html>
You still need to take care of separating options and user-supplied
non-option arguments. With GNU getopt, the "--" separator does the
trick.
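
The two points in the message above, as an added example that is not part of the original message: an argument list passed to subprocess without a shell, and "--" placed before user-supplied values. The child program, `CHILD`, `run_child` and `SAMPLE` are constructed for this illustration; the child parses its arguments with Python's `getopt.gnu_getopt`, which follows the GNU getopt rules.

```python
import json
import subprocess
import sys

# Constructed stand-in for an external program: it parses its arguments with
# GNU getopt rules and reports the options and operands it saw as JSON.
CHILD = (
    "import getopt, json, sys\n"
    "opts, args = getopt.gnu_getopt(sys.argv[1:], 'v', ['delete'])\n"
    "print(json.dumps({'options': [o for o, _ in opts], 'operands': args}))\n"
)


def run_child(user_args, use_separator=True):
    """Run the child with an argument list; no shell parses the strings."""
    argv = [sys.executable, "-c", CHILD, "-v"]   # options chosen by the caller
    if use_separator:
        argv.append("--")                        # everything after is an operand
    argv.extend(user_args)                       # user-supplied, passed as-is
    return json.loads(subprocess.check_output(argv).decode())


# Constructed hostile input: one value looks like an option, the other
# contains shell metacharacters.
SAMPLE = ["--delete", "; echo INJECTED"]

if __name__ == "__main__":
    print("with --   :", run_child(SAMPLE))
    print("without --:", run_child(SAMPLE, use_separator=False))
```

In both runs the string with the semicolon reaches the child as a single operand because no shell is involved; only the run without "--" lets the user-supplied "--delete" be parsed as an option.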