[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Wes Turner wes.turner at gmail.com
Fri Sep 26 00:59:17 CEST 2014
This was helpful: http://sarge.readthedocs.org/en/latest/internals.html#how-shell-quoting-works
Wes Turner
On Thu, Sep 25, 2014 at 5:17 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Thu, 25 Sep 2014 13:00:16 -0700
> Bob Hanson <d2mp1a9 at newsguy.com> wrote:
> > Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX:
> >
> > <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>
> > <http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/>
> > <http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html>
> > <http://www.openwall.com/lists/oss-security/2014/09/24/17>
> >
> > Also see news:gmane.comp.security.fulldisclosure for thread on same being started today.
>
> Fortunately, Python's subprocess has its `shell` argument default to False. However, `os.system` invokes the shell implicitly and is therefore a possible attack vector.
>
> Regards
>
> Antoine.
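The distinction drawn in the quoted reply (subprocess defaults to `shell=False`, while `os.system` always goes through the shell) can be audited mechanically. The following is an added example, not code from the thread or from CPython: a small AST scan that lists the call sites in a Python source file that hand a command to the shell. The function names, the `SAMPLE` input and the set of calls checked are assumptions made for illustration, and aliased imports such as `from os import system` are not resolved.

```python
import ast

# Calls that always pass their command string to the system shell.
IMPLICIT_SHELL = {"os.system", "os.popen"}
# subprocess entry points: the shell is used only if shell=... is passed.
SUBPROCESS_CALLS = {"subprocess.call", "subprocess.check_call", "subprocess.run",
                    "subprocess.check_output", "subprocess.Popen"}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, otherwise None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def find_shell_calls(source):
    """Return sorted (lineno, call_name, reason) for shell-invoking call sites."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in IMPLICIT_SHELL:
            findings.append((node.lineno, name, "implicit shell"))
        elif name in SUBPROCESS_CALLS:
            for kw in node.keywords:
                if kw.arg != "shell":
                    continue
                literal = isinstance(kw.value, ast.Constant)
                if literal and not kw.value.value:
                    continue  # explicit shell=False: no shell involved
                reason = "shell=True" if literal else "shell set dynamically"
                findings.append((node.lineno, name, reason))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import os, subprocess
os.system("ls " + path)
subprocess.call(["ls", path])
subprocess.check_output("ls " + path, shell=True)
subprocess.Popen(cmd, shell=use_shell)
subprocess.call(["ls"], shell=False)
'''

if __name__ == "__main__":
    for lineno, name, reason in find_shell_calls(SAMPLE):
        print(f"line {lineno}: {name} ({reason})")
```

Each reported line is a place where the process environment reaches the shell, so those are the call sites to review or convert to argument-list form with `shell=False`.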