[issue21557] os.popen os.system lack shell-related security warnings

2015-02-12 Thread Demian Brecht

Changes by Demian Brecht demianbre...@gmail.com:


--
nosy:  -demian.brecht

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21557
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue21557] os.popen os.system lack shell-related security warnings

2014-12-05 Thread STINNER Victor

Changes by STINNER Victor victor.stin...@gmail.com:


--
nosy: +haypo




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-05 Thread STINNER Victor

STINNER Victor added the comment:

Python 3.5 doc has no red warning in the subprocess module, but a nice section:
https://docs.python.org/dev/library/subprocess.html#security-considerations

Why not simply copy the note from the subprocess doc?
Note: Read the Security Considerations section before using shell=True.

--




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-05 Thread STINNER Victor

STINNER Victor added the comment:

subprocess.getstatusoutput(cmd) also needs this note (or warning).

--




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-03 Thread Demian Brecht

Demian Brecht added the comment:

After discussion in Rietveld, the patch looks good to me.

--




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-03 Thread R. David Murray

R. David Murray added the comment:

Since Raymond is the person who tends to object most strongly to warning boxes 
in the docs, let's get his opinion on this.  I'm not sure that the warning box 
is necessary, the text may be sufficient.  On the other hand, this *is* a 
significant insecurity vector.

As far as the text goes, I'd combine the two paragraphs and introduce the text 
from the second one with "Alternatively,".  And if it isn't a warning box, 
the language should be refocused to be positive: "Use the Popen module with 
shell=False to avoid the common security issues involved in using unsanitized 
input from untrusted sources..."

--
nosy: +r.david.murray, rhettinger
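
Added example, not part of the tracker thread or the proposed patch: the difference the messages above are discussing, shown by passing the same untrusted string to os.popen, subprocess.getstatusoutput, and a shell=False argument list. It assumes a POSIX /bin/sh; the sample input and the helper names are constructed for illustration.

```python
import os
import shlex
import subprocess
import sys

# Constructed untrusted input: a "filename" carrying a harmless second command.
UNTRUSTED = "report.txt; echo INJECTED"

# Child program that reports the arguments it received, one per line.
ARGV_ECHO = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def via_os_popen(name):
    """os.popen hands the whole string to the shell, so ';' starts a new command."""
    with os.popen("echo " + name) as pipe:
        return pipe.read().splitlines()


def via_getstatusoutput(name):
    """subprocess.getstatusoutput also runs its argument through the shell."""
    _status, output = subprocess.getstatusoutput("echo " + name)
    return output.splitlines()


def via_argv_list(name):
    """shell=False (the default) with a list: the value is one argv entry."""
    done = subprocess.run(ARGV_ECHO + [name], capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()


def via_quoted_shell(name):
    """If a shell cannot be avoided, shlex.quote() keeps the value one word."""
    with os.popen("echo " + shlex.quote(name)) as pipe:
        return pipe.read().splitlines()


if __name__ == "__main__":
    for fn in (via_os_popen, via_getstatusoutput, via_argv_list, via_quoted_shell):
        print(f"{fn.__name__:20} -> {fn(UNTRUSTED)}")
```

os.system passes its string to the shell in the same way as os.popen; it is left out only because it returns an exit status rather than output that can be compared.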




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-01 Thread Chris Rebert

Chris Rebert added the comment:

Here is a patch that adds the necessary warnings from issue 7950.
Please review it when you get a chance.

--
keywords: +patch
Added file: http://bugs.python.org/file37338/fix-21557.patch




[issue21557] os.popen os.system lack shell-related security warnings

2014-12-01 Thread Demian Brecht

Demian Brecht added the comment:

Left a comment in Rietveld.

--
nosy: +demian.brecht




[issue21557] os.popen os.system lack shell-related security warnings

2014-05-22 Thread Chris Rebert

New submission from Chris Rebert:

Since these functions run shell commands, which is a common vector for 
security-related bugs (see
* http://cwe.mitre.org/data/definitions/78.html
* http://cwe.mitre.org/data/definitions/88.html
), I suggest that they should have security warning boxes analogous to the one 
for the `subprocess` module:
https://docs.python.org/2/library/subprocess.html#frequently-used-arguments

--
assignee: docs@python
components: Documentation
messages: 218921
nosy: cvrebert, docs@python
priority: normal
severity: normal
status: open
title: os.popen  os.system lack shell-related security warnings
versions: Python 2.7, Python 3.5
