Using Popen('gmsh ...', shell=True) rather than shell=False security danger #362

Closed
wd15 opened this issue Sep 19, 2014 · 2 comments

wd15 commented Sep 19, 2014

In commit 1634eb6, Popen('gmsh ...', shell=True) is used instead of shell=False. The Python docs seem to think that this is a big security issue, but does it matter?

The change was made so that if FiPy is executed in a virtualenv, the local version of gmsh, not the system version, is used. For some reason using shell=False results in the local environment being ignored (i.e. the local PATH). I tried playing with the env argument to Popen, but to no avail.
The following script is helpful for debugging:

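```python
from subprocess import Popen, PIPE
import os

# Show the PATH that will be handed to the child process.
print(os.getenv("PATH"))
print(os.environ["PATH"])

# argv list with shell=False: no shell parses the command line.
p = Popen(["gmsh", "--version"], stderr=PIPE, shell=False, env=dict(os.environ))
# Shell variant, kept for comparison:
# p = Popen("gmsh --version", stderr=PIPE, shell=True, env=dict(os.environ))

# Only stderr is piped, so the version string is read from there; `out` is None.
out, verStr = p.communicate()
verStr = verStr.decode('ascii').strip('\n')

print(verStr)
```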

Imported from trac ticket #486, created by wd15 on 12-18-2012 at 12:05, last modified: 12-18-2012 at 13:58
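The shell=True versus shell=False difference raised above, as an added example (not FiPy's code and not part of the original ticket): with an argv list, CPython on POSIX skips a PATH entry it cannot exec, such as a script without a "#!" line, and runs the next match, while a shell string lets /bin/sh run that file and also interpret metacharacters in the arguments. It assumes a POSIX system with /bin/sh; the `gmsh` files are constructed stand-ins in temporary directories, the file name is a constructed sample, and `make_tool`, `run` and `demo` are hypothetical helpers.

```python
import os
import subprocess
import tempfile

def make_tool(directory, body):
    """Write an executable stand-in named 'gmsh' (constructed) into directory."""
    path = os.path.join(directory, "gmsh")
    with open(path, "w") as f:
        f.write(body)
    os.chmod(path, 0o755)

def run(cmd, path, shell):
    """Run cmd with PATH set to `path`; return its stdout as text."""
    env = dict(os.environ, PATH=path)
    done = subprocess.run(cmd, shell=shell, env=env,
                          stdout=subprocess.PIPE, check=True)
    return done.stdout.decode().strip()

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as local, \
         tempfile.TemporaryDirectory() as system:
        make_tool(system, '#!/bin/sh\necho system "$1"\n')
        make_tool(local, 'echo local "$1"\n')      # override without "#!"
        path = local + os.pathsep + system         # local dir searched first
        name = "a.geo; echo INJECTED"              # constructed file name

        # argv list: exec of local/gmsh fails (ENOEXEC), so the next PATH
        # entry runs; the name reaches it as one literal argument.
        out["list_no_shebang"] = run(["gmsh", name], path, shell=False)
        # shell string: /bin/sh runs the "#!"-less file itself and treats
        # ';' in the name as a command separator.
        out["shell_no_shebang"] = run("gmsh " + name, path, shell=True)
        # With the "#!" line added, shell=False picks the local override.
        make_tool(local, '#!/bin/sh\necho local "$1"\n')
        out["list_shebang"] = run(["gmsh", name], path, shell=False)
    return out

if __name__ == "__main__":
    for case, text in demo().items():
        print(case, "->", repr(text))
```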

wd15 commented Sep 19, 2014

This ticket was a red herring. The issue was with the "fake" gmsh script used to override the system gmsh for a bare install. Everything has been returned to how it was before. The script needed a "#!" at the top. See 20f82d6

Trac comment by wd15 on 12-18-2012 at 13:19

guyer commented Sep 19, 2014

Not "fixed"

Trac comment by guyer on 12-18-2012 at 13:58

wd15 closed this as completed Sep 19, 2014