[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
cs at zip.com.au
Fri Sep 26 01:14:37 CEST 2014
On 26Sep2014 00:17, Antoine Pitrou <solipsis at pitrou.net> wrote:
>On Thu, 25 Sep 2014 13:00:16 -0700
>Bob Hanson <d2mp1a9 at newsguy.com> wrote:
>> Critical bash vulnerability CVE-2014-6271 may affect Python on
>> *n*x and OSX:
>Fortunately, Python's subprocess has its `shell` argument default to
>False. However, `os.system` invokes the shell implicitly and is
>therefore a possible attack vector.
Only if /bin/sh is bash :-) Not always the case, fortunately.
Cameron Simpson <cs at zip.com.au>
Death is life's way of telling you you've been fired. - R. Geis
More information about the Python-Dev