You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Original bug ID: 7794 Reporter: vog Status: resolved (set by @xavierleroy on 2018-05-24T09:11:14Z) Resolution: fixed Priority: normal Severity: feature Version: 4.06.1 Fixed in version: 4.08.0+dev/beta1/beta2 Category: standard library Related to:#7672 Monitored by:@nojb@gasche
Bug description
I propose to add variants of the open_process functions which take "proc" and "args" instead of a shell command.
Rationale:
The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.
In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.
However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
Thanks for pointing to the related PR about "Filename.quote_command".
I'd just like to mention that I don't see Filename.quote_command as part of the solution, but more as part of the problem.
The respective low-level calls (execve, execvep, etc.) take prg+argv directly, and so should the implementation of "open_process_args".
It makes no sense to involve the shell at all. Calling the shell and escaping the arguments would just introduce a new possible point of (security) failure without any benefit: It would merely instruct the shell to perform what we should have performed on OCaml side in the first place.
Original bug ID: 7794
Reporter: vog
Status: resolved (set by @xavierleroy on 2018-05-24T09:11:14Z)
Resolution: fixed
Priority: normal
Severity: feature
Version: 4.06.1
Fixed in version: 4.08.0+dev/beta1/beta2
Category: standard library
Related to: #7672
Monitored by: @nojb @gasche
Bug description
I propose to add variants of the
open_process
functions which take "proc" and "args" instead of a shell command.Rationale:
The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.
In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.
However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
Additional information
See also: ocaml-batteries-team/batteries-included#858
The text was updated successfully, but these errors were encountered: