[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-30 Thread Martin Panter
Martin Panter added the comment: I do not believe 3.5 is fixed either:

$ python3.5
Python 3.5.0 (default, Sep 20 2015, 11:28:25)
[GCC 5.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ctypes.util
>>> ctypes.util.find_library("; echo Hello shell >&

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-30 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Whilst fixed in 3.5, it is not fixed in 2.7. And the reporter believes this is a security vulnerability. Can this be cherry-picked into the 2.7 branch?

nosy: +xnox

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-28 Thread Bernd Dietzel
Bernd Dietzel added the comment: I made the Ubuntu link readable for everyone.

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-27 Thread Martin Panter
Martin Panter added the comment: Your Ubuntu link seems broken, or is that a private report?

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-27 Thread Martin Panter
Martin Panter added the comment: There is a patch at Issue 22636 which looks like it replaces all five os.popen() calls.

nosy: +martin.panter
resolution: -> duplicate
status: open -> closed
superseder: -> avoid using a shell in ctypes.util: replace os.popen with subprocess

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-27 Thread Bernd Dietzel
New submission from Bernd Dietzel: The find_library() function can execute code when special chars like ;|`<>$ are in the name. The "os.popen()" calls in the util.py script should be replaced with "subprocess.Popen()".

Demo Exploits for Linux:

>>> from ctypes.util import