[Python-ideas] shutil.run (Was: shutil.runret and shutil.runout)

anatoly techtonik techtonik at gmail.com
Mon Jun 4 11:47:48 CEST 2012

On Thu, May 24, 2012 at 6:24 AM, geremy condra <debatem1 at gmail.com> wrote:
> On Wed, May 23, 2012 at 7:00 PM, Steven D'Aprano <steve at pearwood.info>
> wrote:
>> anatoly techtonik wrote:
>>> I am all ears how to make shutil.run() more secure. Right now I must
>>> confess that I don't even realize how serious this problem is, so if
>>> anyone can come up with a real-world example with explanation of
>>> security concern that could be copied "as-is" into documentation, it
>>> will surely be appreciated not only by me.
>> Start here:
>> http://cwe.mitre.org/top25/index.html
>> Code injection attacks include two of the top three security
>> vulnerabilities, over even buffer overflows.
>> One sub-category of code injection:
>> OS Command Injection
>> http://cwe.mitre.org/data/definitions/78.html

Great links. Thanks. Are they still too generic to be placed in docs?

> I talked about this in my pycon talk this year. It's easy to avoid and
> disastrous to get wrong. Please don't do it this way.

Sorry, don't have too much time to watch it right now. Any specific
slides, ideas or excerpts?
anatoly t.
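
The OS command injection concern (CWE-78) raised in this thread, as an added example that is not part of the original message or of any poster's code: since `shutil.run()` is only a proposal here, it uses the standard-library `subprocess` module to contrast a command built as a shell string with the same command passed as an argument list. It assumes a POSIX system with `/bin/sh` and `echo`; the input string and the function names are constructed for illustration.

```python
import shlex
import subprocess

# Constructed sample input: a "filename" that carries a shell metacharacter.
UNTRUSTED = "report.txt; echo INJECTED"


def run_shell_string(name):
    """Vulnerable pattern: untrusted text concatenated into a shell command line.

    The shell parses ';' as a command separator, so the text after it
    runs as a second command instead of being treated as data.
    """
    out = subprocess.run("echo " + name, shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_argv_list(name):
    """Hardened: no shell is involved; the value is exactly one argv element."""
    out = subprocess.run(["echo", name],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_shell_quoted(name):
    """Fallback when a shell is unavoidable: quote the value for a POSIX shell."""
    out = subprocess.run("echo " + shlex.quote(name), shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    for fn in (run_shell_string, run_argv_list, run_shell_quoted):
        print(f"{fn.__name__:18} -> {fn(UNTRUSTED)}")
```

Two output lines from `run_shell_string` mean the input was executed as a second command; the other two functions return the input unchanged as a single line.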
