Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007794OCamlstandard librarypublic2018-05-10 11:182018-05-14 11:30
Reportervog 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Product Version4.06.1 
Target VersionFixed in Version 
Summary0007794: Proposal: Add open_process_args, for proc+args instead of a shell
DescriptionI propose to add variants of the `open_process` functions which take "proc" and "args" instead of a shell command.

Rationale:

The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.

In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.

However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
Additional InformationSee also: https://github.com/ocaml-batteries-team/batteries-included/issues/858 [^]
TagsNo tags attached.
Attached Files

- Relationships
related to 0007672acknowledged Sys.command and Windows quoting 

-  Notes
(0019114)
nojebar (developer)
2018-05-13 23:56

Related PR: https://github.com/ocaml/ocaml/pull/1492 [^]
(0019115)
vog (reporter)
2018-05-14 11:30

Thanks for pointing to the related PR about "Filename.quote_command".

I'd just like to mention that I don't see Filename.quote_command as part of the solution, but more as part of the problem.

The respective low-level calls (execve, execvep, etc.) take prg+argv directly, and so should the implementation of "open_process_args".

It makes no sense to involve the shell at all. Calling the shell and escaping the arguments would just introduce a new possible point of (security) failure without any benefit: It would merely instruct the shell to perform what we should have performed on OCaml side in the first place.

- Issue History
Date Modified Username Field Change
2018-05-10 11:18 vog New Issue
2018-05-13 23:55 nojebar Relationship added related to 0007672
2018-05-13 23:56 nojebar Note Added: 0019114
2018-05-14 11:30 vog Note Added: 0019115


Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker