mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-03 08:34:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

gh-114539: Clarify implicit launching of shells by subprocess (GH-117996)

Browse source
This commit is contained in:
Steve Dower 2024-04-17 19:32:47 +01:00 committed by GitHub
parent 353ea0b273
commit a4b44d39cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Doc/library/subprocess.rst
View file

@ -754,8 +754,8 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
Security Considerations
-----------------------
Unlike some other popen functions, this implementation will never
implicitly call a system shell. This means that all characters,
Unlike some other popen functions, this library will not
implicitly choose to call a system shell. This means that all characters,
including shell metacharacters, can safely be passed to child processes.
If the shell is invoked explicitly, via ``shell=True``, it is the application's
responsibility to ensure that all whitespace and metacharacters are
@ -764,6 +764,14 @@ quoted appropriately to avoid
vulnerabilities. On :ref:`some platforms <shlex-quote-warning>`, it is possible
to use :func:`shlex.quote` for this escaping.
On Windows, batch files (:file:`*.bat` or :file:`*.cmd`) may be launched by the
operating system in a system shell regardless of the arguments passed to this
library. This could result in arguments being parsed according to shell rules,
but without any escaping added by Python. If you are intentionally launching a
batch file with arguments from untrusted sources, consider passing
``shell=True`` to allow Python to escape special characters. See :gh:`114539`
for additional discussion.
Popen Objects
-------------