[GRASS-dev] [GRASS-SVN] r60679 - grass/trunk/lib/python/script

Vaclav Petras wenzeslaus at gmail.com
Wed Jul 2 18:25:28 PDT 2014


On Wed, Jul 2, 2014 at 7:35 PM, Glynn Clements <glynn at gclements.plus.com>
wrote:

> kwargs['shell'] = True
> args = [self._escape_for_shell(arg) for arg in args]
>

Considering security issues connected to shell=True* and uncertainty of
escaping for MS Windows**, wouldn't be better to avoid shell=True and try
to use the right interpreter? This can work at least for the most common
(and probably only important) case which is Python.

Vaclav


* Now thinking about various WPS servers using GRASS, GIS systems using
GRASS, and potential WebGRASS.
** It seems that it will be hard to guess how to do it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/grass-dev/attachments/20140702/4325aa91/attachment.html>


More information about the grass-dev mailing list