Showing content from https://mail.python.org/pipermail/python-dev/2014-September/136488.html below:

[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Matěj Cepl mcepl at cepl.eu
Fri Sep 26 09:28:39 CEST 2014
On 2014-09-25, 23:14 GMT, Cameron Simpson wrote:
>>Fortunately, Python's subprocess has its `shell` argument default to
>>False. However, `os.system` invokes the shell implicitly and is
>>therefore a possible attack vector.
>
> Only if /bin/sh is bash :-) Not always the case, fortunately.

Where does your faith that other /bin/sh implementations (dash, 
busybox, etc.) are less buggy come from? On the contrary, bash 
being the most used, beaten, patched, and studied of them all 
has plenty of arguments to claim to be the most secure /bin/sh 
implementation around.  You just don't know about those other 
guys' bugs. No reason to believe hackers don't know about them 
either.

Matěj
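
Added example, not part of the original message or of Python's own code: an audit sketch for the distinction drawn in the quoted text, listing the calls in a Python source file that start /bin/sh (`os.system`, `os.popen`, `subprocess` with a truthy `shell`) and resolving which binary backs `/bin/sh`. The audit list, `SAMPLE` and all function names are assumptions of this example.

```python
import ast
import os

# Audit list assumed for this example; aliased imports (`from os import system`) are not tracked.
IMPLICIT_SHELL_CALLS = {"os.system", "os.popen"}
# Constructed sample input, not code from any real project.
SAMPLE = '''\
import os, subprocess
os.system("convert " + name)
subprocess.call(["ls", "-l"])
subprocess.Popen(cmd, shell=True)
subprocess.run(cmd, shell=use_shell)
subprocess.check_output(["id"], shell=False)
'''


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_shell_calls(source):
    """List (line, call, reason) for every call in `source` that starts a shell."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in IMPLICIT_SHELL_CALLS:
            findings.append((node.lineno, name, "implicit shell"))
        elif name and name.startswith("subprocess."):
            for kw in node.keywords:
                literal = isinstance(kw.value, ast.Constant)
                # Skip only an explicit falsy literal such as shell=False.
                if kw.arg == "shell" and not (literal and not kw.value.value):
                    reason = "shell=True" if literal else "shell set at runtime"
                    findings.append((node.lineno, name, reason))
    return sorted(findings)


def sh_implementation(path="/bin/sh"):
    """Resolve symlinks to show which binary actually backs /bin/sh on this host."""
    return os.path.realpath(path)
```

Where `/bin/sh` is a regular file rather than a symlink, the resolved path stays `/bin/sh` and says nothing about which shell implementation it is.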
