By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,235 Members | 1,057 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,235 IT Pros & Developers. It's quick & easy.

without shell

P: n/a
km
hi all,

can any linux command be invoked/ executed without using shell (bash) ?
what abt security concerns ?

regards,
KM

Jul 19 '05 #1
Share this Question
Share on Google+
12 Replies


P: n/a
On Sun, 12 Jun 2005 23:16:35 +0530, km wrote:
hi all,

can any linux command be invoked/ executed without using shell (bash) ?
py> import os
py> status = os.system("ls")

Prints the output of ls and stores the exit code into status.

py> file_list = os.popen("ls").read()

Stores the output of ls into file_list.

Or see the module "commands".
what abt security concerns ?


Yes, there are serious security concerns. You should be *very* careful
about executing strings generated by users. You probably don't want your
program executing something like os.system("rm -rf /").

--
Steven.
Jul 19 '05 #2

P: n/a
On 2005-06-12, km <km@mrna.tn.nic.in> wrote:
can any linux command be invoked/executed without using shell (bash)?
Yes -- for some values of "linux command". You can execute
anything that's not a bash internal or a bash script without
using bash.
what abt security concerns?


What about them?

--
Grant Edwards grante Yow! I'm young... I'm
at HEALTHY... I can HIKE
visi.com THRU CAPT GROGAN'S LUMBAR
REGIONS!
Jul 19 '05 #3

P: n/a
On 2005-06-10, Steven D'Aprano <st***@REMOVETHIScyber.com.au> wrote:
On Sun, 12 Jun 2005 23:16:35 +0530, km wrote:
hi all,

can any linux command be invoked/ executed without using shell (bash) ?
py> import os
py> status = os.system("ls")

Prints the output of ls and stores the exit code into status.


It's done by invoking the user's SHELL and passing the string
"ls" to it. In the general case, invoking an unknown shell and
passing it a string is fraught with peril.
py> file_list = os.popen("ls").read()

Stores the output of ls into file_list.
That also executes a shell (same as os.system()), so it's
equally as unreliable and insecure as os.system(). [See the
notes at http://docs.python.org/lib/os-newstr...#os-newstreams
that describe popen.]
Or see the module "commands".
what abt security concerns ?


Yes, there are serious security concerns. You should be *very* careful
about executing strings generated by users. You probably don't want your
program executing something like os.system("rm -rf /").


You've got also got a much better chance of getting what you
expect if you don't invoke a shell, but use os.spawn*
functions instead.

--
Grant Edwards grante Yow! I feel partially
at hydrogenated!
visi.com
Jul 19 '05 #4

P: n/a
Steven D'Aprano wrote:
On Sun, 12 Jun 2005 23:16:35 +0530, km wrote:
hi all,

can any linux command be invoked/ executed without using shell (bash) ?


py> import os
py> status = os.system("ls")

Prints the output of ls and stores the exit code into status.

py> file_list = os.popen("ls").read()

Stores the output of ls into file_list.

These commands invoke shell indeed.

Mage

Jul 19 '05 #5

P: n/a
On 2005-06-10, Mage <ma**@mage.hu> wrote:
py> file_list = os.popen("ls").read()

Stores the output of ls into file_list.

These commands invoke shell indeed.


Under Unix, popen will not invoke a shell if it's passed a
sequence rather than a single string.

--
Grant Edwards grante Yow! I was in EXCRUCIATING
at PAIN until I started
visi.com reading JACK AND JILL
Magazine!!
Jul 19 '05 #6

P: n/a
On Fri, 10 Jun 2005 14:13:05 +0000, Grant Edwards wrote:
On 2005-06-10, Steven D'Aprano <st***@REMOVETHIScyber.com.au> wrote:
On Sun, 12 Jun 2005 23:16:35 +0530, km wrote:
hi all,

can any linux command be invoked/ executed without using shell (bash) ?


py> import os
py> status = os.system("ls")

Prints the output of ls and stores the exit code into status.


It's done by invoking the user's SHELL and passing the string
"ls" to it. In the general case, invoking an unknown shell and
passing it a string is fraught with peril.


Ah... you learn something new every day.

I interpreted the original question as meaning "can Python execute
arbitrary Linux commands without exiting the Python interpretor and
dropping into a shell prompt?".

--
Steven.

Jul 19 '05 #7

P: n/a
In article <11*************@corp.supernews.com>,
Grant Edwards <gr****@visi.com> wrote:
On 2005-06-10, Mage <ma**@mage.hu> wrote:
py> file_list = os.popen("ls").read()

Stores the output of ls into file_list.

These commands invoke shell indeed.


Under Unix, popen will not invoke a shell if it's passed a
sequence rather than a single string.


I suspect you're thinking of the popen2 functions.
On UNIX, os.popen is posix.popen, is a simple wrapper
around the C library popen. It always invokes the
shell.

The no-shell alternatives are spawnv (instead of
system) and the popen2 family (given a sequence
of strings.)

Donn Cave, do**@u.washington.edu
Jul 19 '05 #8

P: n/a
On 2005-06-10, Donn Cave <do**@u.washington.edu> wrote:
In article <11*************@corp.supernews.com>,
Grant Edwards <gr****@visi.com> wrote:
On 2005-06-10, Mage <ma**@mage.hu> wrote:
>>py> file_list = os.popen("ls").read()
>>
>>Stores the output of ls into file_list.
>>
> These commands invoke shell indeed.
Under Unix, popen will not invoke a shell if it's passed a
sequence rather than a single string.


I suspect you're thinking of the popen2 functions.


According to the current module reference, that's the behavior
of the os.popen*() functions:

http://docs.python.org/lib/os-newstr...#os-newstreams
On UNIX, os.popen is posix.popen, is a simple wrapper around
the C library popen. It always invokes the shell.
Not according the the docs:

Also, for each of these variants, on Unix, cmd may be a
sequence, in which case arguments will be passed directly to
the program without shell intervention (as with os.spawnv()).
If cmd is a string it will be passed to the shell (as with
os.system()).

It's not exactly clear what "these variants" refer to, but I
read it as referring to all of the the os.popen functions.

Perhaps it only refers to os.popen[234]?
The no-shell alternatives are spawnv (instead of system) and
the popen2 family (given a sequence of strings.)

Donn Cave, do**@u.washington.edu


--
Grant Edwards grante Yow! FIRST, I'm covering
at you with OLIVE OIL and
visi.com PRUNE WHIP!!
Jul 19 '05 #9

P: n/a
Donn Cave <do**@u.washington.edu> writes:
In article <11*************@corp.supernews.com>,
Grant Edwards <gr****@visi.com> wrote:
On 2005-06-10, Mage <ma**@mage.hu> wrote:
>>py> file_list = os.popen("ls").read()
>>
>>Stores the output of ls into file_list.
>>
> These commands invoke shell indeed.


Under Unix, popen will not invoke a shell if it's passed a
sequence rather than a single string.


I suspect you're thinking of the popen2 functions.
On UNIX, os.popen is posix.popen, is a simple wrapper
around the C library popen. It always invokes the
shell.

The no-shell alternatives are spawnv (instead of
system) and the popen2 family (given a sequence
of strings.)


Don't forget the one module to rule them all, subprocess:

file_list = subprocess.Popen(['ls'], stdout=subprocess.PIPE).communicate()[0]

which by default won't use the shell (unless you pass shell=True to it).

--
|>|\/|<
/--------------------------------------------------------------------------\
|David M. Cooke
|cookedm(at)physics(dot)mcmaster(dot)ca
Jul 19 '05 #10

P: n/a
In article <11*************@corp.supernews.com>,
Grant Edwards <gr****@visi.com> wrote:
....
According to the current module reference, that's the behavior
of the os.popen*() functions:

http://docs.python.org/lib/os-newstr...#os-newstreams
On UNIX, os.popen is posix.popen, is a simple wrapper around
the C library popen. It always invokes the shell.


Not according the the docs:

Also, for each of these variants, on Unix, cmd may be a
sequence, in which case arguments will be passed directly to
the program without shell intervention (as with os.spawnv()).
If cmd is a string it will be passed to the shell (as with
os.system()).

It's not exactly clear what "these variants" refer to, but I
read it as referring to all of the the os.popen functions.

Perhaps it only refers to os.popen[234]?


Right. The paragraphs seem a little scrambled. Note
the use of "cmd" instead of "command" as the parameter
is named for popen(). Also note "These methods do not
make it possible to retrieve the return code from the
child processes", after the popen() paragraph above tells
you how to do it (using the better term "exit status".)

Or one may look at the source.

Donn Cave, do**@u.washington.edu
Jul 19 '05 #11

P: n/a
On 2005-06-10, Donn Cave <do**@u.washington.edu> wrote:
Also, for each of these variants, on Unix, cmd may be a
sequence, in which case arguments will be passed directly to
the program without shell intervention (as with os.spawnv()).
If cmd is a string it will be passed to the shell (as with
os.system()).

It's not exactly clear what "these variants" refer to, but I
read it as referring to all of the the os.popen functions.

Perhaps it only refers to os.popen[234]?


Right. The paragraphs seem a little scrambled. Note
the use of "cmd" instead of "command" as the parameter
is named for popen(). Also note "These methods do not
make it possible to retrieve the return code from the
child processes", after the popen() paragraph above tells
you how to do it (using the better term "exit status".)

Or one may look at the source.


Or write a 3-line test to see how it really does works. :)

--
Grant Edwards grante Yow! ... I don't like
at FRANK SINATRA or his
visi.com CHILDREN.
Jul 19 '05 #12

P: n/a
Donn Cave wrote:
Not according the the docs:

Also, for each of these variants, on Unix, cmd may be a
sequence, in which case arguments will be passed directly to
the program without shell intervention (as with os.spawnv()).
If cmd is a string it will be passed to the shell (as with
os.system()).

It's not exactly clear what "these variants" refer to, but I
read it as referring to all of the the os.popen functions.

Perhaps it only refers to os.popen[234]?


Right. The paragraphs seem a little scrambled. Note
the use of "cmd" instead of "command" as the parameter
is named for popen(). Also note "These methods do not
make it possible to retrieve the return code from the
child processes", after the popen() paragraph above tells
you how to do it (using the better term "exit status".)

Or one may look at the source.


FYI, I checked in a little fix to the docs which makes clear
what functions the paragraphs pertain to. Also, I changed
"return code" to "exit status".

Reinhold
Jul 19 '05 #13

This discussion thread is closed

Replies have been disabled for this discussion.