Message13036
It is identified in https://github.com/NationalSecurityAgency/ghidra/issues/107 that we call "cmd.exe" without specifying the exact path, and that in the event a cmd.exe exists in the working directory, that will be run instead. This can be a trip hazard when working with dangerous material.
PySystemState is blamed in the reference, but a search shows that we mention cmd.exe in the posix module too. And there we should consider removing command.com too :)
Almost certainly, the right answer is to use COMSPEC to find it, compare the standard library subprocess.py . In CPython that falls back to "cmd.exe" if COMSPEC is not defined. In Jython it uses the list ultimately defined in enum OS . |
|
Date |
User |
Action |
Args |
2020-04-22 18:56:21 | jeff.allen | set | recipients:
+ jeff.allen |
2020-04-22 18:56:21 | jeff.allen | set | messageid: <1587581781.58.0.0236391383294.issue2882@roundup.psfhosted.org> |
2020-04-22 18:56:21 | jeff.allen | link | issue2882 messages |
2020-04-22 18:56:21 | jeff.allen | create | |
|