← Back to team overview

c2c-oerpscenario team mailing list archive

[Bug 685115] [NEW] Incorrect use of subprocess module

 

Public bug reported:

I'm using OpenERP 5.0.15

In tools/misc.py: exec_pg_command_pipe() and exec_command_pipe() in the
arguments to the subprocess.Popen() function the command name is
supplied as the executable parameter and shell=True.  This is wrong.  If
shell=True, then executable has to be the path to the shell, as
explained in the following paragraph from
http://docs.python.org/library/subprocess.html :

The executable argument specifies the program to execute. It is very
seldom needed: Usually, the program to execute is defined by the args
argument. If shell=True, the executable argument specifies which shell
to use. On Unix, the default shell is /bin/sh.

The above two functions have been working up to now only by accident.
The subprocess module will spawn the /bin/sh shell and try to execute
the first element in the argument list tuple.  The first element is the
command name (without the full path), but since the command is usually
in the shell's path it will succeed.  However if , for example, the pg_*
commands were not in the shell's path (for example in
/usr/lib/pgsql/bin) then it would fail.

Patch is attached.

** Affects: openobject-server
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/685115

Title:
  Incorrect use of subprocess module

Status in OpenObject Server:
  New

Bug description:
  I'm using OpenERP 5.0.15

In tools/misc.py: exec_pg_command_pipe() and exec_command_pipe() in the arguments to the subprocess.Popen() function the command name is supplied as the executable parameter and shell=True.  This is wrong.  If shell=True, then executable has to be the path to the shell, as explained in the following paragraph from http://docs.python.org/library/subprocess.html :

The executable argument specifies the program to execute. It is very seldom needed: Usually, the program to execute is defined by the args argument. If shell=True, the executable argument specifies which shell to use. On Unix, the default shell is /bin/sh.

The above two functions have been working up to now only by accident.  The subprocess module will spawn the /bin/sh shell and try to execute the first element in the argument list tuple.  The first element is the command name (without the full path), but since the command is usually in the shell's path it will succeed.  However if , for example, the pg_* commands were not in the shell's path (for example in /usr/lib/pgsql/bin) then it would fail.

Patch is attached.





Follow ups

References