[New-bugs-announce] [issue22636] avoid using a shell in ctypes.util: replace os.popen with subprocess
STINNER Victor
report at bugs.python.org
Wed Oct 15 00:32:55 CEST 2014
New submission from STINNER Victor:
Attached patch modifies the ctypes.util module to not use a shell: it replaces os.open() with subprocess.Popen on Linux.
Running a shell is slower and is more vulnerable to code injection.
I only modified code path on Linux right now. They are still calls to os.popen() on sunos5, freebsd, openbsd and dragonfly.
----------
files: ctypes_util_popen.patch
keywords: patch
messages: 229363
nosy: haypo
priority: normal
severity: normal
status: open
title: avoid using a shell in ctypes.util: replace os.popen with subprocess
type: enhancement
versions: Python 3.5
Added file: http://bugs.python.org/file36923/ctypes_util_popen.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22636>
_______________________________________
More information about the New-bugs-announce
mailing list