[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on nx and OSX (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Fri Sep 26 15:03:51 CEST 2014

• Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 26 Sep 2014 14:56:05 +0200 Stefan Behnel <stefan_ml at behnel.de> wrote:

Jeremy Sanders schrieb am 26.09.2014 um 09:28: > Antoine Pitrou wrote: > >> Fortunately, Python's subprocess has its shell argument default to >> False. However, os.system invokes the shell implicitly and is >> therefore a possible attack vector. > > Of course anything called by subprocess with shell=False may invoke the > shell itself if it runs other processes.

Ok, but does that really make it a relevant topic for python-dev?

No. I don't know why the OP posted here. (but we have all kinds of borderline discussion threads these days, and people don't seem to care when they are asked to move the discussion elsewhere, so...)

Regards

Antoine.

• Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list