|Anonymous | Login | Signup for a new account||2018-05-21 14:50 CEST|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007794||OCaml||standard library||public||2018-05-10 11:18||2018-05-14 11:30|
|Target Version||Fixed in Version|
|Summary||0007794: Proposal: Add open_process_args, for proc+args instead of a shell|
|Description||I propose to add variants of the `open_process` functions which take "proc" and "args" instead of a shell command.|
The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.
In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.
However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
|Additional Information||See also: https://github.com/ocaml-batteries-team/batteries-included/issues/858 [^]|
|Tags||No tags attached.|
|Related PR: https://github.com/ocaml/ocaml/pull/1492 [^]|
Thanks for pointing to the related PR about "Filename.quote_command".
I'd just like to mention that I don't see Filename.quote_command as part of the solution, but more as part of the problem.
The respective low-level calls (execve, execvep, etc.) take prg+argv directly, and so should the implementation of "open_process_args".
It makes no sense to involve the shell at all. Calling the shell and escaping the arguments would just introduce a new possible point of (security) failure without any benefit: It would merely instruct the shell to perform what we should have performed on OCaml side in the first place.
|2018-05-10 11:18||vog||New Issue|
|2018-05-13 23:55||nojebar||Relationship added||related to 0007672|
|2018-05-13 23:56||nojebar||Note Added: 0019114|
|2018-05-14 11:30||vog||Note Added: 0019115|
|Copyright © 2000 - 2011 MantisBT Group|