Showing content from https://mail.python.org/pipermail/python-dev/2014-September/136480.html below:

[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Chris Angelico rosuav at gmail.com
Fri Sep 26 02:33:07 CEST 2014
On Fri, Sep 26, 2014 at 10:29 AM, Devin Jeanpierre
<jeanpierreda at gmail.com> wrote:
> As I understand it, if the attacker can help specify the environment
> (e.g. this is a CGI script), and you run os.system('echo hi'), you can
> get pwned. Even safe uses of os.system are vulnerable unless you point
> /bin/sh at a secure shell (e.g. patched bash).

/bin/sh may well not point to bash anyway - it doesn't on any of my
systems. Debian provides dash instead, much faster than bash. But if
you're invoking a script that calls for bash, then it's vulnerable.

ChrisA
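
An added example, not part of the original message or thread: a Python sketch that reports which binary /bin/sh resolves to and replaces `os.system('echo hi')` with a shell-free call under a scrubbed environment. The sample environment, the allow-list and the function names are constructed for illustration; the `() {` prefix is how bash recognises exported functions in environment values.

```python
import os
import subprocess

# bash treats an environment value starting with this prefix as an exported function.
FUNC_PREFIX = "() {"

# Constructed CGI-style environment (sample data, not from the thread).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HTTP_USER_AGENT": "() { :; }",   # function-shaped value from a request header
    "QUERY_STRING": "id=42",
}

def resolve_sh(path="/bin/sh"):
    """Return the real binary behind /bin/sh (dash on Debian, bash on some systems)."""
    return os.path.realpath(path)

def suspicious_vars(env):
    """Names of variables whose values look like bash function definitions."""
    return sorted(k for k, v in env.items() if v.startswith(FUNC_PREFIX))

def scrubbed_env(env, allow=("PATH", "LANG", "HOME")):
    """Keep only allow-listed names, and drop any function-shaped value."""
    return {k: v for k, v in env.items()
            if k in allow and not v.startswith(FUNC_PREFIX)}

def run_echo(env):
    """Replacement for os.system('echo hi'): argument list, no shell, clean env."""
    result = subprocess.run(["echo", "hi"], env=scrubbed_env(env),
                            capture_output=True, text=True, check=True)
    return result.stdout

if __name__ == "__main__":
    print("/bin/sh resolves to:", resolve_sh())
    print("function-shaped variables:", suspicious_vars(SAMPLE_ENV))
    print("child output:", run_echo(SAMPLE_ENV).strip())
```

Avoiding the shell protects only this call; a child program that itself starts a bash script still depends on the scrubbed environment or a patched bash.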