Disable shell=True for monitoring commands

[kevinlondon]

Hello! This is somewhat related to a Pull Request I opened. I'm checking for security issues in a few projects and noticed that this one uses shell=True for checking the output on the monitoring commands.

>> Issue: subprocess call with shell=True identified, security issue.
   Severity: High   Confidence: High
   Location: glances/glances/core/glances_monitor_list.py:138
134             if self.command(i) is not None:
135                 # Execute the user command line
136                 try:
137                     self.__monitor_list[i]['result'] = subprocess.check_output(self.command(i),
138                                                                                shell=True)

This could be problematic, especially if the configuration file is not properly sanitized or the command includes some illegal characters. Here's a Stack Overflow discussion and a blog post related to problems with shell=True.

[nicolargo]

No more Monitoring process list. To be report in AMP ?