search

rust-lang / rust

Empowering everyone to build reliable and efficient software.
https://www.rust-lang.org
Other
98.03k stars 12.68k forks source link

`process::Command::{arg,args}` is now self-contradictory #123764

Open workingjubilee opened 6 months ago

workingjubilee commented 6 months ago

Location

Currently it says

Note that the argument is not passed through a shell, but given literally to the program. This means that shell syntax like quotes, escaped characters, word splitting, glob patterns, variable substitution, etc. have no effect.

But then it adds the Windows-related caveat.

Summary

This states, more or less directly, that the preceding passage is actually a lie, and the reality is that we try to pass the arguments in a way that makes sense, and uses an API that bypasses the shell's command-line-interpreter concerns.

It made sense to land this initially in a "don't modify the existing wording, just plonk down a huge warning" way, but the text itself should be changed to account for the reality.

ChrisDenton commented 6 months ago

Note that the original intent of that paragraph was not as a security guarantee but to inform people that shell like syntax isn't needed. See https://github.com/rust-lang/rust/pull/78599

I believe @jieyouxu would appreciate if this were still stated clearly.

workingjubilee commented 6 months ago

I don't think that the final phrasing should obfuscate that, either, it should just be clearer that we're adopting a platform-specific approach.