Is 'shell=True' necessary in base.py?

[huornlmj]

https://github.com/philpep/testinfra/blob/87efc13b206f1957207bad14bf7db83ae05ef4f3/testinfra/backend/base.py#L194

Input appears to come from PIPE, and running shell=True is high risk. Is it possible that this could be changed to shell=False? Or use pipes.quote() to help escape whitespace and shell metacharacters from input?