Does `subprocess.Popen` store the command somewhere?

Question:

Does subprocess.Popen store the command somewhere?

Is it safe to provide confidential data as an argument in the mentioned function?
For instance, I run a command that contains a password. Does Popen store executed commands somewhere (e.g., history buffer, logs, etc.) so that someone may read them?

Asked By: nosbor


Answers:

Your literal question:

  • Does subprocess.Popen store the command line somewhere?

…is answered "no". Popen does not update shell history, generate logs, or the like.


The implied fitness-to-purpose question:

  • Can I safely pass confidential data through a command line with subprocess.Popen?

…is also answered "no". Typical UNIX-like operating systems with out-of-the-box security settings do not treat command lines as confidential. They’re visible to other accounts on the systems, including untrusted ones, via tools such as ps or direct investigation of procfs.

Because this information is public, it’s fairly common for other tools to log it — daemons storing system status and statistics for operational analytics or diagnostic analysis, for example, can often grab the command lines of running processes. And because those tools often run as root, those few/rare/unusual systems with hardened settings that don’t allow unprivileged users to view other users’ processes’ command lines still don’t protect against them.

This isn’t specific to subprocess.Popen. Confidential data should never be stored in command line arguments. (If the software you’re running is sshpass, for example, read the SECURITY CONSIDERATIONS section of its manual; it supports receiving passwords via other mechanisms — environment variables, or preopened file handles, or explicitly provided filenames — for good reason).

Answered By: Charles Duffy
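
To make the answer's point concrete, here is an added example (not part of the original answer) that starts the same child process twice, once with a secret in argv and once with the secret written to the child's stdin pipe, and checks what procfs or `ps` exposes in each case. The secret value, the child program and the helper names are constructed for this illustration; it assumes a system with `/proc` or a `ps` that supports `-o args=`.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "s3cr3t-constructed-example"  # constructed sample value, not a real credential

# Child program: takes the secret from argv if present, otherwise from stdin,
# reports its length, then blocks until stdin is closed so it can be inspected.
CHILD = (
    "import sys\n"
    "secret = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().strip()\n"
    "print(len(secret), flush=True)\n"
    "sys.stdin.read()\n"
)

def visible_cmdline(pid):
    """Return the command line of `pid` as procfs or ps reports it."""
    proc_file = Path(f"/proc/{pid}/cmdline")
    if proc_file.exists():  # Linux procfs: argv joined with NUL bytes
        return proc_file.read_bytes().replace(b"\0", b" ").decode(errors="replace")
    result = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                            capture_output=True, text=True)
    return result.stdout

def run_child(secret_in_argv):
    """Run the child; return (secret length it received, secret visible in cmdline?)."""
    argv = [sys.executable, "-c", CHILD]
    if secret_in_argv:
        argv.append(SECRET)  # the pattern the answer warns against
    with subprocess.Popen(argv, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE, text=True) as child:
        if not secret_in_argv:
            child.stdin.write(SECRET + "\n")  # secret travels over a private pipe
            child.stdin.flush()
        received_len = int(child.stdout.readline())  # child now holds the secret
        exposed = SECRET in visible_cmdline(child.pid)
    # Leaving the with-block closes the pipes, which lets the child exit.
    return received_len, exposed

if __name__ == "__main__":
    print("secret in argv  ->", run_child(True))
    print("secret on stdin ->", run_child(False))
```

In both runs the child receives the full secret, but only the argv variant leaves it readable in the process listing for as long as the child is alive.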