mirror of https://github.com/python/cpython
#7950: add warning about security implications of shell=True to subprocess docs
Patch by Chris Rebert.
parent ea3e91e06a
commit c7399d0a0f
|
@ -76,6 +76,24 @@ This module defines one class called :class:`Popen`:
|
||||||
|
|
||||||
Popen(['/bin/sh', '-c', args[0], args[1], ...])
|
Popen(['/bin/sh', '-c', args[0], args[1], ...])
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
|
||||||
|
Executing shell commands that incorporate unsanitized input from an
|
||||||
|
untrusted source makes a program vulnerable to `shell injection
|
||||||
|
<http://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_,
|
||||||
|
a serious security flaw which can result in arbitrary command execution.
|
||||||
|
For this reason, the use of *shell=True* is **strongly discouraged** in cases
|
||||||
|
where the command string is constructed from external input::
|
||||||
|
|
||||||
|
>>> from subprocess import call
|
||||||
|
>>> filename = input("What file would you like to display?\n")
|
||||||
|
What file would you like to display?
|
||||||
|
non_existent; rm -rf / #
|
||||||
|
>>> call("cat " + filename, shell=True) # Uh-oh. This will end badly...
|
||||||
|
|
||||||
|
*shell=False* does not suffer from this vulnerability; the above Note may be
|
||||||
|
helpful in getting code using *shell=False* to work.
|
||||||
|
|
||||||
On Windows: the :class:`Popen` class uses CreateProcess() to execute the child
|
On Windows: the :class:`Popen` class uses CreateProcess() to execute the child
|
||||||
program, which operates on strings. If *args* is a sequence, it will be
|
program, which operates on strings. If *args* is a sequence, it will be
|
||||||
converted to a string using the :meth:`list2cmdline` method. Please note that
|
converted to a string using the :meth:`list2cmdline` method. Please note that
|
||||||
|
|
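Review bot: The example in the added warning stops at the vulnerable `call("cat " + filename, shell=True)` and never shows the safe form, so a reader learns what to avoid but not what to write instead. Consider following it with the list form, e.g. `call(["cat", filename])`, which passes the filename as a single argument with no shell parsing. The closing sentence's "the above Note" is a positional reference that breaks if the section is reordered; saying what that note covers, or linking it by label, would be sturdier. The warning also sits between the Unix `/bin/sh -c` description and the "On Windows:" paragraph, so it can read as Unix-only; if it is meant to cover *shell=True* on every platform, say so or move it out of the platform-specific text.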