[Python-checkins] peps: PEP 446: add example of vulnerabilities

victor.stinner python-checkins at python.org
Sat Aug 10 01:05:15 CEST 2013


http://hg.python.org/peps/rev/e2f9feb6be35
changeset:   5044:e2f9feb6be35
user:        Victor Stinner <victor.stinner at gmail.com>
date:        Sat Aug 10 00:51:14 2013 +0200
summary:
  PEP 446: add example of vulnerabilities

files:
  pep-0446.txt |  46 ++++++++++++++++++++++++++++-----------
  1 files changed, 33 insertions(+), 13 deletions(-)


diff --git a/pep-0446.txt b/pep-0446.txt
--- a/pep-0446.txt
+++ b/pep-0446.txt
@@ -140,19 +140,6 @@
   the server restarts while the program is not done: the server cannot
   start because the TCP port is still in use.
 
-Leaking file descriptors is also a well known security vulnerability:
-read
-`FIO42-C. Ensure files are properly closed when they are no longer
-needed
-<https://www.securecoding.cert.org/confluence/display/seccode/FIO42-C.+Ensure+files+are+properly+closed+when+they+are+no+longer+needed>`_
-of the CERT.
-
-An untrusted child process can read sensitive data like passwords and
-take control of the parent process though leaked file descriptors. It is
-for example a way to escape from a chroot. With a leaked listening
-socket, a child process can accept new connections to read sensitive
-data.
-
 Example of issues in open source projects:
 
 * `Mozilla (Firefox) <https://bugzilla.mozilla.org/show_bug.cgi?id=147659>`_:
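Review bot: the two security paragraphs removed here are moved, not deleted (they come back verbatim under the new "Security Vulnerability" heading in the next hunk), but the summary line only says "add example of vulnerabilities". Mention the move into its own section in the commit message, so that someone reading the log does not take this hunk for a removal of the security rationale.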
@@ -178,6 +165,39 @@
   open since 2012-07
 
 
+Security Vulnerability
+----------------------
+
+Leaking file descriptors is also a well known security vulnerability:
+read
+`FIO42-C. Ensure files are properly closed when they are no longer
+needed
+<https://www.securecoding.cert.org/confluence/display/seccode/FIO42-C.+Ensure+files+are+properly+closed+when+they+are+no+longer+needed>`_
+of the CERT.
+
+An untrusted child process can read sensitive data like passwords and
+take control of the parent process though leaked file descriptors. It is
+for example a way to escape from a chroot. With a leaked listening
+socket, a child process can accept new connections to read sensitive
+data.
+
+Example of vulnerabilities:
+
+* `Hijacking Apache https by mod_php
+  <http://www.securityfocus.com/archive/1/348368>`_ (2003)
+
+  * Apache: `Apr should set FD_CLOEXEC if APR_FOPEN_NOCLEANUP is not set
+    <https://issues.apache.org/bugzilla/show_bug.cgi?id=46425>`_:
+    fixed in 2009
+  * PHP: `system() (and similar) don't cleanup opened handles of Apache
+    <https://bugs.php.net/bug.php?id=38915>`_: open since 2006
+* `CWE-403: Exposure of File Descriptor to Unintended Control Sphere
+  <http://cwe.mitre.org/data/definitions/403.html>`_ (2008)
+* `OpenSSH Security Advisory: portable-keysign-rand-helper.adv
+  <http://www.openssh.com/txt/portable-keysign-rand-helper.adv>`_
+  (2011)
+
+
 Issues fixed in the subprocess module
 -------------------------------------
 
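Review bot: in the new "Example of vulnerabilities" list, the nested PHP bullet is followed directly by the top-level "* `CWE-403: ..." item with no blank line between them. reStructuredText expects a blank line where a nested list ends, so add one before the CWE-403 bullet to keep docutils from reporting an unexpected unindent. Since the paragraphs are being moved anyway, this is a good moment to fix "though leaked file descriptors" to "through", and to drop "also" from "Leaking file descriptors is also a well known security vulnerability", which no longer follows the TCP-port paragraph it referred back to. CWE-403 is a weakness class rather than a specific vulnerability, so the list lead-in could say "Examples of vulnerabilities and related references:".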

-- 
Repository URL: http://hg.python.org/peps

