[Python-ideas] shutil.run (Was: shutil.runret and shutil.runout) (original) (raw)
geremy condra debatem1 at gmail.com
Tue Jun 5 08:00:34 CEST 2012
On Mon, Jun 4, 2012 at 2:47 AM, anatoly techtonik <techtonik at gmail.com> wrote:
> On Thu, May 24, 2012 at 6:24 AM, geremy condra <debatem1 at gmail.com> wrote:
>> On Wed, May 23, 2012 at 7:00 PM, Steven D'Aprano <steve at pearwood.info> wrote:
>>> anatoly techtonik wrote:
>>>> I am all ears how to make shutil.run() more secure. Right now I must
>>>> confess that I don't even realize how serious this problem is, so if
>>>> anyone can come up with a real-world example with explanation of
>>>> security concern that could be copied "as-is" into documentation, it
>>>> will surely be appreciated not only by me.
>>>
>>> Start here:
>>>
>>> http://cwe.mitre.org/top25/index.html
>>>
>>> Code injection attacks include two of the top three security
>>> vulnerabilities, over even buffer overflows.
>>>
>>> One sub-category of code injection:
>>>
>>> OS Command Injection
>>> http://cwe.mitre.org/data/definitions/78.html
>
> Great links. Thanks. Are they still too generic to be placed in docs?
>
>> I talked about this in my pycon talk this year. It's easy to avoid and
>> disastrous to get wrong. Please don't do it this way.
>
> Sorry, don't have too much time to watch it right now. Any specific slides,
> ideas or excerpts?
The main idea was just that by combining a bit of awareness of common security anti-patterns (like this one) with a good test regimen and some script kiddie tools you can protect yourself from a lot of common vulnerabilities without being a security guru. I demonstrated how that process works on something fairly similar to this, but if you're interested in more details I'm happy to blather on or dredge up my slides.
Geremy Condra
> --
> anatoly t.
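The pattern Steven's CWE-78 link and Geremy's reply are warning about, as an added example that is not code from anyone in this thread or from shutil itself: a run()-style helper that glues an untrusted filename into a shell string, beside the argv-list call that removes the shell from the picture. The function names, the `wc -l` task and the harmless `echo INJECTED` payload are constructed for illustration; it assumes a POSIX `sh`, `wc` and `echo`.

```python
"""Added example: OS command injection (CWE-78) in a run()-style helper.

Compares the shell-string pattern with an argv-list call. Uses only the
standard library plus the POSIX tools sh, wc and echo.
"""
import re
import shlex
import subprocess

# Constructed sample input: a "filename" that smuggles a second command
# after a shell separator. The payload is a harmless echo.
MALICIOUS_NAME = "report.txt; echo INJECTED"
SAFE_NAME = "report.txt"


def vulnerable_count_lines(filename):
    """The anti-pattern: glue untrusted text into a shell command string."""
    cmd = "wc -l " + filename
    # shell=True hands the whole string to /bin/sh, which treats ";" as a
    # command separator, so the attacker's echo runs as well as wc.
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def safe_count_lines(filename):
    """Pass arguments as a list so no shell ever parses them.

    The whole string, separator included, reaches wc as one literal
    argument. "--" stops wc from reading a name that begins with "-"
    as an option.
    """
    result = subprocess.run(["wc", "-l", "--", filename],
                            capture_output=True, text=True)
    return result.returncode, result.stdout


def quoted_command(filename):
    """If a shell really is needed (pipes, globbing), quote each argument.

    shlex.quote wraps anything outside [A-Za-z0-9@%+=:,./-] in single
    quotes, so the ";" becomes part of one argument.
    """
    return "wc -l -- " + shlex.quote(filename)


_NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def validate_name(filename):
    """Allowlist check: a second layer in front of the argv-list call."""
    if not _NAME_RE.fullmatch(filename):
        raise ValueError("unexpected characters in filename: %r" % filename)
    return filename


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_count_lines(MALICIOUS_NAME)))
    print("safe:", safe_count_lines(MALICIOUS_NAME))
    print("quoted:", quoted_command(MALICIOUS_NAME))
```

Running it shows the point of the thread: the shell-string version prints `INJECTED` even though `report.txt` does not exist, while the argv-list version fails on the literal filename and never runs the second command. A `run()` helper that accepts a single string and passes `shell=True` inherits the first behaviour for every caller.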