The last few chapters were a lot about authorization. You learned about users, groups, and permissions. I start this chapter by applying these concepts to filesystem access. Afterward, I show you how to safely invoke external executables from within Python. Along the way, you’ll learn how to identify and resist two types of injection attacks. This sets the tone for the rest of the book, which focuses exclusively on attack resistance.
Like most programming languages Python natively supports filesystem access; third-party libraries are not necessary. Filesystem-level authorization involves less work than application-level authorization because you don’t need to enforce anything; your operating system already does this. In this section, I’ll show you how to do the following: