https://github.com/python/cpython/commit/859fdee0b698a49b2db822744d78e07e08cbea66
commit: 859fdee0b698a49b2db822744d78e07e08cbea66
branch: 3.12
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
committer: zooba <steve.dower@microsoft.com>
date: 2024-04-17T19:44:38+01:00
summary:
[3.12] gh-114539: Clarify implicit launching of shells by subprocess (GH-117996) (#118002)
gh-114539: Clarify implicit launching of shells by subprocess (GH-117996)
(cherry picked from commit a4b44d39cd6941cc03590fee7538776728bdfd0a)
Co-authored-by: Steve Dower <steve.dower@python.org>
files:
M Doc/library/subprocess.rst
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 5281bae90a15c6..d052623ffc7b7d 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -754,8 +754,8 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
Security Considerations
-----------------------
-Unlike some other popen functions, this implementation will never
-implicitly call a system shell. This means that all characters,
+Unlike some other popen functions, this library will not
+implicitly choose to call a system shell. This means that all characters,
including shell metacharacters, can safely be passed to child processes.
If the shell is invoked explicitly, via ``shell=True``, it is the application's
responsibility to ensure that all whitespace and metacharacters are
@@ -764,6 +764,14 @@ quoted appropriately to avoid
vulnerabilities. On :ref:`some platforms <shlex-quote-warning>`, it is possible
to use :func:`shlex.quote` for this escaping.
+On Windows, batch files (:file:`*.bat` or :file:`*.cmd`) may be launched by the
+operating system in a system shell regardless of the arguments passed to this
+library. This could result in arguments being parsed according to shell rules,
+but without any escaping added by Python. If you are intentionally launching a
+batch file with arguments from untrusted sources, consider passing
+``shell=True`` to allow Python to escape special characters. See :gh:`114539`
+for additional discussion.
+
Popen Objects
-------------
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-leave@python.org
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: list-python-checkins@lists.gossamer-threads.com
commit: 859fdee0b698a49b2db822744d78e07e08cbea66
branch: 3.12
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
committer: zooba <steve.dower@microsoft.com>
date: 2024-04-17T19:44:38+01:00
summary:
[3.12] gh-114539: Clarify implicit launching of shells by subprocess (GH-117996) (#118002)
gh-114539: Clarify implicit launching of shells by subprocess (GH-117996)
(cherry picked from commit a4b44d39cd6941cc03590fee7538776728bdfd0a)
Co-authored-by: Steve Dower <steve.dower@python.org>
files:
M Doc/library/subprocess.rst
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 5281bae90a15c6..d052623ffc7b7d 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -754,8 +754,8 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
Security Considerations
-----------------------
-Unlike some other popen functions, this implementation will never
-implicitly call a system shell. This means that all characters,
+Unlike some other popen functions, this library will not
+implicitly choose to call a system shell. This means that all characters,
including shell metacharacters, can safely be passed to child processes.
If the shell is invoked explicitly, via ``shell=True``, it is the application's
responsibility to ensure that all whitespace and metacharacters are
@@ -764,6 +764,14 @@ quoted appropriately to avoid
vulnerabilities. On :ref:`some platforms <shlex-quote-warning>`, it is possible
to use :func:`shlex.quote` for this escaping.
+On Windows, batch files (:file:`*.bat` or :file:`*.cmd`) may be launched by the
+operating system in a system shell regardless of the arguments passed to this
+library. This could result in arguments being parsed according to shell rules,
+but without any escaping added by Python. If you are intentionally launching a
+batch file with arguments from untrusted sources, consider passing
+``shell=True`` to allow Python to escape special characters. See :gh:`114539`
+for additional discussion.
+
Popen Objects
-------------
_______________________________________________
Python-checkins mailing list -- python-checkins@python.org
To unsubscribe send an email to python-checkins-leave@python.org
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: list-python-checkins@lists.gossamer-threads.com