[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Stefan Behnel stefan_ml at behnel.de
Fri Sep 26 14:56:05 CEST 2014


Jeremy Sanders wrote on 26.09.2014 at 09:28:

Antoine Pitrou wrote:

Fortunately, Python's subprocess has its shell argument default to False. However, os.system invokes the shell implicitly and is therefore a possible attack vector. Of course anything called by subprocess with shell=False may invoke the shell itself if it runs other processes.

Ok, but does that really make it a relevant topic for python-dev?

Stefan
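
An added example, not part of the original message or of CPython: a small static audit that lists the call sites the quoted paragraph above describes, namely os.system and subprocess calls that set shell to anything other than False. It goes slightly beyond the message by also flagging os.popen, which likewise runs its command through the shell; the function names and the sample source are constructed for illustration.

```python
import ast

# Functions that always hand their command string to the shell.
# os.system is named in the message; os.popen is an addition here.
IMPLICIT_SHELL = {("os", "system"), ("os", "popen")}
SUBPROCESS_FUNCS = {"call", "check_call", "check_output", "Popen", "run"}

def _dotted(node):
    """Return (module, attr) for a call target like os.system, else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return (node.value.id, node.attr)
    return None

def find_shell_calls(source):
    """Return sorted (lineno, description) for call sites that start a shell."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        target = _dotted(node.func)
        if target in IMPLICIT_SHELL:
            hits.append((node.lineno, "%s.%s always uses the shell" % target))
        elif target and target[0] == "subprocess" and target[1] in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg != "shell":
                    continue
                # A literal shell=False matches the default; anything else
                # (True, or a variable decided at run time) needs review.
                if isinstance(kw.value, ast.Constant) and not kw.value.value:
                    continue
                hits.append((node.lineno, "subprocess.%s with shell=..." % target[1]))
    return sorted(hits)

# Constructed sample input, not taken from any real project.
SAMPLE = '''import os, subprocess
os.system("ls " + path)
subprocess.call(["ls", path])
subprocess.check_output("ls " + path, shell=True)
subprocess.Popen(cmd, shell=use_shell)
subprocess.call(["ls"], shell=False)
'''

if __name__ == "__main__":
    for lineno, why in find_shell_calls(SAMPLE):
        print("line %d: %s" % (lineno, why))
```

The audit only sees shells started directly from Python source; as the quoted paragraph notes, a program launched with shell=False may still invoke the shell itself, which no scan of the calling code can detect.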


