Skip to content

Commit

Permalink
[3.9] gh-114539: Clarify implicit launching of shells by subprocess (G…
Browse files Browse the repository at this point in the history
…H-117996) (GH-118005)

(cherry picked from commit a4b44d3)

Co-authored-by: Steve Dower <[email protected]>
  • Loading branch information
miss-islington and zooba authored May 7, 2024
1 parent 40d77b9 commit 22ae383
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions Doc/library/subprocess.rst
Original file line number Diff line number Diff line change
Expand Up @@ -713,8 +713,8 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
Security Considerations
-----------------------

Unlike some other popen functions, this implementation will never
implicitly call a system shell. This means that all characters,
Unlike some other popen functions, this library will not
implicitly choose to call a system shell. This means that all characters,
including shell metacharacters, can safely be passed to child processes.
If the shell is invoked explicitly, via ``shell=True``, it is the application's
responsibility to ensure that all whitespace and metacharacters are
Expand All @@ -726,6 +726,14 @@ When using ``shell=True``, the :func:`shlex.quote` function can be
used to properly escape whitespace and shell metacharacters in strings
that are going to be used to construct shell commands.

On Windows, batch files (:file:`*.bat` or :file:`*.cmd`) may be launched by the
operating system in a system shell regardless of the arguments passed to this
library. This could result in arguments being parsed according to shell rules,
but without any escaping added by Python. If you are intentionally launching a
batch file with arguments from untrusted sources, consider passing
``shell=True`` to allow Python to escape special characters. See :gh:`114539`
for additional discussion.


Popen Objects
-------------
Expand Down

0 comments on commit 22ae383

Please sign in to comment.