Added the *text* parameter, as a more understandable alias of *universal_newlines*.
Added the *capture_output* parameter.
+ .. versionchanged:: 3.9.17
+
+ Changed Windows shell search order for ``shell=True``. The current
+ directory and ``%PATH%`` are replaced with ``%COMSPEC%`` and
+ ``%SystemRoot%\System32\cmd.exe``. As a result, dropping a
+ malicious program named ``cmd.exe`` into a current directory no
+ longer works.
+
.. class:: CompletedProcess
The return value from :func:`run`, representing a process that has finished.
*executable* parameter accepts a bytes and :term:`path-like object`
on Windows.
+ .. versionchanged:: 3.9.17
+
+ Changed Windows shell search order for ``shell=True``. The current
+ directory and ``%PATH%`` are replaced with ``%COMSPEC%`` and
+ ``%SystemRoot%\System32\cmd.exe``. As a result, dropping a
+ malicious program named ``cmd.exe`` into a current directory no
+ longer works.
+
*stdin*, *stdout* and *stderr* specify the executed program's standard input,
standard output and standard error file handles, respectively. Valid values
are :data:`PIPE`, :data:`DEVNULL`, an existing file descriptor (a positive
.. versionchanged:: 3.3
*timeout* was added.
+ .. versionchanged:: 3.9.17
+
+ Changed Windows shell search order for ``shell=True``. The current
+ directory and ``%PATH%`` are replaced with ``%COMSPEC%`` and
+ ``%SystemRoot%\System32\cmd.exe``. As a result, dropping a
+ malicious program named ``cmd.exe`` into a current directory no
+ longer works.
+
.. function:: check_call(args, *, stdin=None, stdout=None, stderr=None, \
shell=False, cwd=None, timeout=None, \
**other_popen_kwargs)
.. versionchanged:: 3.3
*timeout* was added.
+ .. versionchanged:: 3.9.17
+
+ Changed Windows shell search order for ``shell=True``. The current
+ directory and ``%PATH%`` are replaced with ``%COMSPEC%`` and
+ ``%SystemRoot%\System32\cmd.exe``. As a result, dropping a
+ malicious program named ``cmd.exe`` into a current directory no
+ longer works.
+
.. function:: check_output(args, *, stdin=None, stderr=None, shell=False, \
cwd=None, encoding=None, errors=None, \
.. versionadded:: 3.7
*text* was added as a more readable alias for *universal_newlines*.
+ .. versionchanged:: 3.9.17
+
+ Changed Windows shell search order for ``shell=True``. The current
+ directory and ``%PATH%`` are replaced with ``%COMSPEC%`` and
+ ``%SystemRoot%\System32\cmd.exe``. As a result, dropping a
+ malicious program named ``cmd.exe`` into a current directory no
+ longer works.
+
.. _subprocess-replacements:
if shell:
startupinfo.dwFlags |= _winapi.STARTF_USESHOWWINDOW
startupinfo.wShowWindow = _winapi.SW_HIDE
- comspec = os.environ.get("COMSPEC", "cmd.exe")
+ if not executable:
+ # gh-101283: without a fully-qualified path, before Windows
+ # checks the system directories, it first looks in the
+ # application directory, and also the current directory if
+ # NeedCurrentDirectoryForExePathW(ExeName) is true, so try
+ # to avoid executing unqualified "cmd.exe".
+ comspec = os.environ.get('ComSpec')
+ if not comspec:
+ system_root = os.environ.get('SystemRoot', '')
+ comspec = os.path.join(system_root, 'System32', 'cmd.exe')
+ if not os.path.isabs(comspec):
+ raise FileNotFoundError('shell not found: neither %ComSpec% nor %SystemRoot% is set')
+ if os.path.isabs(comspec):
+ executable = comspec
+ else:
+ comspec = executable
+
args = '{} /c "{}"'.format (comspec, args)
if cwd is not None:
projects / thirdparty / Python / cpython.git / commitdiff
