Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2014-September/136473.html below:

[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

• Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26Sep2014 00:17, Antoine Pitrou <solipsis at pitrou.net> wrote:
>On Thu, 25 Sep 2014 13:00:16 -0700
>Bob Hanson <d2mp1a9 at newsguy.com> wrote:
>> Critical bash vulnerability CVE-2014-6271 may affect Python on
>> *n*x and OSX:
>> <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>
[...]
>Fortunately, Python's subprocess has its `shell` argument default to
>False. However, `os.system` invokes the shell implicitly and is
>therefore a possible attack vector.

Only if /bin/sh is bash :-) Not always the case, fortunately.

Cheers,
Cameron Simpson <cs at zip.com.au>

Death is life's way of telling you you've been fired.   - R. Geis

• Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4