[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
Cameron Simpson cs at zip.com.au
Fri Sep 26 01:14:37 CEST 2014
On 26Sep2014 00:17, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Thu, 25 Sep 2014 13:00:16 -0700 Bob Hanson <d2mp1a9 at newsguy.com> wrote:
>> Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX:
>> <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>
> [...]
>
> Fortunately, Python's subprocess has its `shell` argument default to False.
> However, `os.system` invokes the shell implicitly and is therefore a possible attack vector.

Only if /bin/sh is bash :-) Not always the case, fortunately.
Cheers, Cameron Simpson <cs at zip.com.au>
Death is life's way of telling you you've been fired. - R. Geis
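
The condition raised in this message can be checked on a given host. The following is an added example, not part of the original message or of CPython: it assumes a POSIX host where `os.system` hands its command to `/bin/sh -c`, and the function names are hypothetical.

```python
import os
import subprocess


def resolved_shell_name(path="/bin/sh"):
    """Follow symlinks and return the basename of the real interpreter."""
    return os.path.basename(os.path.realpath(path))


def shell_reports_bash(path="/bin/sh"):
    """Ask the shell itself whether it is bash.

    bash sets BASH_VERSION even when invoked under the name sh, so this
    also catches a /bin/sh that is a copy or hard link of bash rather
    than a symlink. Returns True/False, or None if the shell cannot run.
    """
    try:
        out = subprocess.run(
            [path, "-c", 'printf %s "${BASH_VERSION:-}"'],
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            # Minimal environment: nothing inherited can fake BASH_VERSION.
            env={"PATH": "/usr/bin:/bin"},
            timeout=5,
            check=False,
        ).stdout
    except (OSError, subprocess.TimeoutExpired):
        return None
    return bool(out.strip())


def os_system_uses_bash(path="/bin/sh"):
    """True if a command passed to os.system() would be run by bash."""
    if resolved_shell_name(path).startswith("bash"):
        return True
    return bool(shell_reports_bash(path))


if __name__ == "__main__":
    print("/bin/sh resolves to:", resolved_shell_name())
    print("shell identifies as bash:", shell_reports_bash())
    print("os.system() goes through bash:", os_system_uses_bash())
```

A `False` result only says that `os.system` and `shell=True` calls do not reach bash through `/bin/sh`; programs that invoke bash by name are a separate path.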