Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007794OCamlstandard librarypublic2018-05-10 11:182018-05-14 11:30
Assigned To 
PlatformOSOS Version
Product Version4.06.1 
Target VersionFixed in Version 
Summary0007794: Proposal: Add open_process_args, for proc+args instead of a shell
DescriptionI propose to add variants of the `open_process` functions which take "proc" and "args" instead of a shell command.


The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.

In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.

However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
Additional InformationSee also: [^]
TagsNo tags attached.
Attached Files

- Relationships
related to 0007672acknowledged Sys.command and Windows quoting 

-  Notes
nojebar (developer)
2018-05-13 23:56

Related PR: [^]
vog (reporter)
2018-05-14 11:30

Thanks for pointing to the related PR about "Filename.quote_command".

I'd just like to mention that I don't see Filename.quote_command as part of the solution, but more as part of the problem.

The respective low-level calls (execve, execvep, etc.) take prg+argv directly, and so should the implementation of "open_process_args".

It makes no sense to involve the shell at all. Calling the shell and escaping the arguments would just introduce a new possible point of (security) failure without any benefit: It would merely instruct the shell to perform what we should have performed on OCaml side in the first place.

- Issue History
Date Modified Username Field Change
2018-05-10 11:18 vog New Issue
2018-05-13 23:55 nojebar Relationship added related to 0007672
2018-05-13 23:56 nojebar Note Added: 0019114
2018-05-14 11:30 vog Note Added: 0019115

Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker