[New-bugs-announce] [issue39184] Many command execution functions are not raising auditing events

Saiyang Gou report at bugs.python.org
Wed Jan 1 18:10:03 EST 2020


New submission from Saiyang Gou <gousaiyang223 at gmail.com>:

Similar to `os.system` (which is already raising an auditing event), the following functions are also capable of command execution, so they also need auditing:

- os.execl
- os.execle
- os.execlp
- os.execlpe
- os.execv
- os.execve
- os.execvp
- os.execvpe
- os.posix_spawn
- os.posix_spawnp
- os.spawnl
- os.spawnle
- os.spawnlp
- os.spawnlpe
- os.spawnv
- os.spawnve
- os.spawnvp
- os.spawnvpe
- os.startfile
- pty.spawn

By the way, since `os.listdir`, `shutil.copytree` and `shutil.rmtree` are already being audited, is it necessary to audit file operations in the `os` module like `os.remove`?

----------
messages: 359177
nosy: Saiyang Gou
priority: normal
severity: normal
status: open
title: Many command execution functions are not raising auditing events
type: security
versions: Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39184>
_______________________________________
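
Added example (not part of the original report or of CPython's code): a probe that installs a `sys.addaudithook` hook and records which audit events a few of the launchers listed above raise on the interpreter it runs under. It assumes Python 3.8+ on POSIX; `probe`, `_capture` and the `python -c pass` child command are names and values constructed for illustration.

```python
import os
import shlex
import sys

_seen = []          # event names captured while _recording is True
_recording = False


def _hook(event, args):
    # Audit hooks cannot be removed once added, so recording is gated by a flag.
    if _recording and event.split(".")[0] in ("os", "pty", "subprocess"):
        _seen.append(event)


sys.addaudithook(_hook)

# Constructed, harmless child command: this interpreter running an empty program.
ARGV = [sys.executable, "-c", "pass"]


def _capture(call):
    """Run call() and return the sorted audit event names it raised."""
    global _recording
    del _seen[:]
    _recording = True
    try:
        call()
    finally:
        _recording = False
    return sorted(set(_seen))


def probe():
    """Map each launcher name to the audit events seen in this process."""
    probes = {
        "os.system": lambda: os.system(" ".join(shlex.quote(a) for a in ARGV)),
        # On POSIX os.spawnv forks first; events raised in the child stay there.
        "os.spawnv": lambda: os.spawnv(os.P_WAIT, ARGV[0], ARGV),
    }
    if hasattr(os, "posix_spawn"):
        probes["os.posix_spawn"] = lambda: os.waitpid(
            os.posix_spawn(ARGV[0], ARGV, os.environ), 0)
    return {name: _capture(call) for name, call in probes.items()}


if __name__ == "__main__":
    for name, events in probe().items():
        print(f"{name:16} -> {events or 'no audit event'}")
```

A launcher that maps to an empty list started a process without the hook seeing it, which is the gap this report describes; the result depends on the interpreter version being probed.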

