[issue37495] socket.inet_aton parsing issue on some libc versions
Aldwin Pollefeyt
report at bugs.python.org
Thu Jul 4 00:30:23 EDT 2019
Aldwin Pollefeyt <aldwinaldwin at gmail.com> added the comment:
From: https://docs.python.org/3.9/library/subprocess.html#security-considerations
Security Considerations
Unlike some other popen functions, this implementation will never implicitly call a system shell. This means that all characters, including shell metacharacters, can safely be passed to child processes. If the shell is invoked explicitly, via shell=True, it is the application’s responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid shell injection vulnerabilities.
When using shell=True, the shlex.quote() function can be used to properly escape whitespace and shell metacharacters in strings that are going to be used to construct shell commands.
----------
nosy: +aldwinaldwin
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37495>
_______________________________________
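The quoting behaviour described in the documentation excerpt quoted above, as an added example that is not part of the original message or of CPython's code. It assumes a POSIX `/bin/sh`; the `CHILD` helper program, the `UNTRUSTED` sample value and the function names are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Child program (constructed): prints each argument it received on its own line.
CHILD = "import sys; print(*sys.argv[1:], sep=chr(10))"

# Constructed sample input: an address followed by shell metacharacters.
UNTRUSTED = "127.0.0.1 ; echo INJECTED"


def run_argv(value):
    """Argument list, no shell: the value reaches the child as one argument."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD, value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


def run_shell(value, quote):
    """shell=True: the whole command is one string parsed by /bin/sh.

    With quote=False the value is pasted in raw (the vulnerable form);
    with quote=True it is escaped with shlex.quote() first.
    """
    arg = shlex.quote(value) if quote else value
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {arg}"
    proc = subprocess.run(
        cmd, shell=True, capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


if __name__ == "__main__":
    # One argument, metacharacters passed through literally.
    print("argv list     :", run_argv(UNTRUSTED))
    # Same result: shlex.quote() keeps the shell from interpreting ';'.
    print("shell + quote :", run_shell(UNTRUSTED, quote=True))
    # The shell splits at ';' and runs the trailing text as a second command.
    print("shell, raw    :", run_shell(UNTRUSTED, quote=False))
```
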