Escaping strings to be used in shell commands?
Brian Langenberger
brian at brian.cbs.umn.edu
Thu Apr 12 16:12:17 EDT 2001
Timothy Grant <tjg at exceptionalminds.com> wrote:
<snip!>
: However, I am curious why there is more a problem with an app
: calling the useradd command, than there is with an admin
: issuing a useradd from the command line?
As long as python isn't running setuid root, or as long as
the script is suitable chmod'ed for admins only, os.system()
isn't much of a big deal (aside from unintended consequences).
But whenever such scripts make it out for user-level use,
os.system() gives me the creeps because of all the nastiness
that can result. I just don't trust it for much of anything :)
More information about the Python-list
mailing list