[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Stefan Behnel stefan_ml at behnel.de
Fri Sep 26 14:56:05 CEST 2014

Jeremy Sanders schrieb am 26.09.2014 um 09:28:
> Antoine Pitrou wrote:
>> Fortunately, Python's subprocess has its `shell` argument default to
>> False. However, `os.system` invokes the shell implicitly and is
>> therefore a possible attack vector.
> Of course anything called by subprocess with shell=False may invoke the 
> shell itself if it runs other processes.

Ok, but does that really make it a relevant topic for python-dev?


More information about the Python-Dev mailing list