Proposal: Add open_process_args, for proc+args instead of a shell #7794
Comments
|
Comment author: vog Thanks for pointing to the related PR about "Filename.quote_command". I'd just like to mention that I don't see Filename.quote_command as part of the solution, but more as part of the problem. The respective low-level calls (execve, execvep, etc.) take prg+argv directly, and so should the implementation of "open_process_args". It makes no sense to involve the shell at all. Calling the shell and escaping the arguments would just introduce a new possible point of (security) failure without any benefit: It would merely instruct the shell to perform what we should have performed on OCaml side in the first place. |
|
Comment author: @xavierleroy I agree, the proposed functions make sense and would be simpler than a working Filename.quote_command, with which I'm still struggling. |
|
Comment author: @xavierleroy Merged in trunk, will be in 4.08.0 |
Original bug ID: 7794
Reporter: vog
Status: resolved (set by @xavierleroy on 2018-05-24T09:11:14Z)
Resolution: fixed
Priority: normal
Severity: feature
Version: 4.06.1
Fixed in version: 4.08.0+dev/beta1/beta2
Category: standard library
Related to: #7672
Monitored by: @nojb @gasche
Bug description
I propose to add variants of the
open_processfunctions which take "proc" and "args" instead of a shell command.Rationale:
The standard library should encourage safe interfaces by making them more convenient than unsafe interfaces.
In particular, the safe process execution via "proc:string + args:string list" should be encouraged over shell command execution.
However, the nice, high-level open_process function is only available for shell commands. For safe execution (proc+args) there is only create_process which is relatively low-level.
Additional information
See also: ocaml-batteries-team/batteries-included#858
The text was updated successfully, but these errors were encountered: