RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2014-September/136487.html below:

[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on nx and OSX

[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSXJeremy Sanders jeremy at jeremysanders.net
Fri Sep 26 09:28:15 CEST 2014

Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Antoine Pitrou wrote:

> Fortunately, Python's subprocess has its `shell` argument default to
> False. However, `os.system` invokes the shell implicitly and is
> therefore a possible attack vector.

Of course anything called by subprocess with shell=False may invoke the 
shell itself if it runs other processes.

Jeremy

Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4