Re: bash vs. python scripts - which one is better?

To: debian-user@lists.debian.org
Subject: Re: bash vs. python scripts - which one is better?
From: Steve Lamb <grey@dmiyu.org>
Date: Thu, 09 Aug 2007 23:37:52 -0700
Message-id: <[🔎] 46BC07C0.8050502@dmiyu.org>
In-reply-to: <[🔎] 20070810030837.GC6199@prunille.vinc17.org>
References: <[🔎] 5da176070708071142k43fc7e30n4b16c9c77854759c@mail.gmail.com> <[🔎] 46BB4576.8090901@dmiyu.org> <[🔎] 20070810030837.GC6199@prunille.vinc17.org>

Vincent Lefevre wrote:
> On 2007-08-09 09:48:54 -0700, Steve Lamb wrote:
>>     The same in Python but with far greater functionality:

> and a security hole!

    And the one liner stopped this how, exactly?  I mean it was globbing the
file fer pete's sake!

>>         result = os.system("lame -h -b 160 '%s' '%s'" % (file, mp3))

> Imagine a filename contains: ' `some command`

    Ok, I'll imagine that.

>>> import os
>>> foo = "' `ls -l`"
>>> os.system("echo '%s'" % foo)
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
512

    But of course this is a red herring on your part because we're starting
this discussion from the point of wanting to do a process to files we,
presumably, have vetted.

> But remember that when you use "system" (available in many languages),
> this is a shell that will be started behind, with all the problems of
> a shell.

    Yes, which is why I tend to go native as much as possible.  A feat far
easier in Python than Shell.  :P

> In Perl, when one calls system with more than one element in the list,
> this calls execvp instead of doing a conventional "system". Now, I
> assume that Python also has some way to call execvp.

    http://python.active-venture.com/lib/os-process.html

> In portable POSIX sh, yes. But with superior shells such as zsh, this
> is trivial. However, for complex transformations, though this can
> often be written with few characters, this is completely unreadable!
> (See for instance, the advanced zsh completion functions.)

    Which is why I strayed away from Perl into Python land.  And while zsh is
fairly ubiquitous in Linux/BSD land it is still shell with the problems that
come with it.  BTW, in case you feel I am coming from Bash land with my
anti-shell sentiments...

{grey@olethros:~} grep grey /etc/passwd
grey:x:1000:1007:Steve Lamb:/home/grey:/bin/zsh

    ...been on zsh for years.  I love its far superior completion and command
history.  Won't code in it, however, not as long as #!/bin/env python is
around.  And the joy of it is that if a box has zsh chances are high it'll
have python, too.  ;)

Reply to:

Follow-Ups:
- Re: bash vs. python scripts - which one is better?
  - From: Vincent Lefevre <vincent@vinc17.org>

References:
- bash vs. python scripts - which one is better?
  - From: "Manon Metten" <manon.metten@gmail.com>
- Re: bash vs. python scripts - which one is better?
  - From: Steve Lamb <grey@dmiyu.org>
- Re: bash vs. python scripts - which one is better?
  - From: Vincent Lefevre <vincent@vinc17.org>

Prev by Date: Re: bash vs. python scripts - which one is better?
Next by Date: Re: bash vs. python scripts - which one is better?
Previous by thread: Re: bash vs. python scripts - which one is better?
Next by thread: Re: bash vs. python scripts - which one is better?
Index(es):
- Date
- Thread