Is it possible to use os.popen() to achieve a result similar to os.system? I know that os.popen() is more secure, but I want to know how to be able to actually run the commands through this function. When using os.system(), things can get very insecure and I want to be able to have a secure way of accessing terminal commands.
Asked
Active
Viewed 934 times
1
Alec
- 8,529
- 8
- 37
- 63
Palpable Coral
- 105
- 1
- 2
- 12
-
4Why do you think that `popen` is more secure? It still invokes the shell… – Davis Herring May 19 '19 at 21:21
-
3`os.popen()` is exactly as insecure as `os.system()` is. If you want something more secure, use the `subprocess` module with the default `shell=False`. Where did you find a reference telling you that `os.popen()` was more secure? – Charles Duffy May 19 '19 at 21:27
1 Answers
3
Anything that uses the shell to execute commands is insecure for obvious reasons (you don't want someone running rm -rf / in your shell :). Both os.system and os.popen use the shell.
For security, use the subprocess module with shell = False
Either way, both of those functions have been deprecated since Python 2.6
Alec
- 8,529
- 8
- 37
- 63
-
Sidenote: What is the difference, then, between `os.system()` and `os.popen()`? – Palpable Coral May 19 '19 at 23:05
-
https://stackoverflow.com/questions/4813238/difference-between-subprocess-popen-and-os-system – Alec May 19 '19 at 23:07