Re: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on nx and OSX

Cameron Simpson Thu, 25 Sep 2014 16:16:09 -0700

On 26Sep2014 00:17, Antoine Pitrou <solip...@pitrou.net> wrote:

On Thu, 25 Sep 2014 13:00:16 -0700
Bob Hanson <d2mp...@newsguy.com> wrote:

Critical bash vulnerability CVE-2014-6271 may affect Python on
*n*x and OSX:
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>

[...]

Fortunately, Python's subprocess has its `shell` argument default to
False. However, `os.system` invokes the shell implicitly and is
therefore a possible attack vector.


Only if /bin/sh is bash :-) Not always the case, fortunately.

Cheers,
Cameron Simpson <c...@zip.com.au>

Death is life's way of telling you you've been fired.   - R. Geis
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Reply via email to

Re: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on nx and OSX