23 May 2012, 7 p.m.
anatoly techtonik wrote:
I am all ears how to make shutil.run() more secure. Right now I must confess that I don't even realize how serious this problem is, so if anyone can come up with a real-world example with explanation of security concern that could be copied "as-is" into documentation, it will surely be appreciated not only by me.
Start here:

http://cwe.mitre.org/top25/index.html

Code injection attacks include two of the top three security vulnerabilities, over even buffer overflows.

One sub-category of code injection: OS Command Injection

http://cwe.mitre.org/data/definitions/78.html

--
Steven
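The OS command injection class (CWE-78) linked above, shown as an added example that is not part of the original thread. It uses the standard library's `subprocess.run` rather than the proposed `shutil.run()`, and the input string and helper names are constructed for illustration; it assumes a POSIX system with `sh` and `echo`.

```python
import shlex
import subprocess

# Constructed input: a "filename" that arrived from an untrusted source.
UNTRUSTED = "report.txt; echo INJECTED"


def run_shell_string(name):
    """Vulnerable pattern: the input is pasted into a string that sh parses."""
    cmd = "echo listing " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(name):
    """Hardened: no shell is involved, the input is exactly one argv element."""
    return subprocess.run(
        ["echo", "listing", name], capture_output=True, text=True
    ).stdout


def run_shell_quoted(name):
    """If a shell is unavoidable, quote every untrusted word with shlex.quote."""
    cmd = "echo listing " + shlex.quote(name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def second_command_ran(output):
    """True when the text after ';' was executed as a command of its own."""
    return any(line == "INJECTED" for line in output.splitlines())


if __name__ == "__main__":
    for label, func in [
        ("shell string", run_shell_string),
        ("argv list", run_argv),
        ("shell + shlex.quote", run_shell_quoted),
    ]:
        out = func(UNTRUSTED)
        print(f"{label:20} injected={second_command_ran(out)} output={out!r}")
```

With the shell-string form, `sh` treats `;` as a command separator and runs the second command; with the argv list or `shlex.quote`, the same bytes stay a single argument.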