Reputation: 121
Python Subprocess Security
I understand why using 'shell=True' can be a security risk if you have untrusted input. However, I don't understand how 'shell=False' avoids the same risks.
Presumably if I wanted to allow a user to provide an input he might input: var="rm -rf /"
My code might simply:
subprocess.call(var,shell=True) # bad stuff
Or I might do:
varParts=var.split()
subprocess.call(varParts,shell=False) # also bad, right?
It would seem that the assumption is one wouldn't go through the trouble of processing the input as I did in the second example and therefore this would/could not happen?
Upvotes: 12
Views: 15278
Answers (1)
Reputation: 880547
With shell=False, the args[0] is the program to be executed and args[1:] are passed as arguments to this program.
So, for example,
subprocess.call(['cat','nonexistent;','rm','-rf'])
calls the cat program and sends the 3 strings 'nonexistent;','rm','-rf' as arguments to cat. This is perfectly safe, though invalid since -r is an invalid option to cat.
However, arbitrary user input could still be unsafe. If, for example, you were to allow the user to control the program to be called, as in
subprocess.call(['rm','-rf'])
Upvotes: 22
Related Questions
- unable to provide password to a process with subprocess [python]
- Python subprocess permission
- Python subprocess calling
- On Windows, how can I protect arguments to shell scripts using Python 2.7 subprocess?
- Read/Write permission for a program run with subprocess?
- how to give subprocess a password and get stdout at the same time
- How to python subprocess from prompting password
- Subprocess in Python
- python subprocess
- python subprocess as normal user