[Python-ideas] shutil.run (Was: shutil.runret and shutil.runout)
Steven D'Aprano
steve at pearwood.info
Thu May 24 04:00:58 CEST 2012
anatoly techtonik wrote:
> I am all ears how to make shutil.run() more secure. Right now I must
> confess that I don't even realize how serious these problems are, so if
> anyone can come up with a real-world example with an explanation of
> the security concern that could be copied "as-is" into documentation, it
> will surely be appreciated not only by me.
Start here:
http://cwe.mitre.org/top25/index.html
Code injection attacks include two of the top three security vulnerabilities,
over even buffer overflows.
One sub-category of code injection:
OS Command Injection
http://cwe.mitre.org/data/definitions/78.html
--
Steven
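
The OS command injection class (CWE-78) linked above, shown as an added example that is not part of the original message or of any shutil.run proposal. It assumes a POSIX system and uses the standard subprocess and shlex modules; the function names, the file name and the hostile input are constructed for illustration.

```python
import os
import shlex
import subprocess
import tempfile


def show_unsafe(filename, cwd):
    # Vulnerable pattern: untrusted text is pasted into a shell command
    # line, so metacharacters such as ';' are parsed as shell syntax.
    return subprocess.run("cat " + filename, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def show_safe(filename, cwd):
    # Hardened: pass an argument vector and no shell. The name reaches
    # cat as one argument; "--" stops a leading '-' being read as an option.
    return subprocess.run(["cat", "--", filename], cwd=cwd,
                          capture_output=True, text=True)


def show_quoted(filename, cwd):
    # If a shell really is required, quote every untrusted value.
    return subprocess.run("cat -- " + shlex.quote(filename), shell=True,
                          cwd=cwd, capture_output=True, text=True)


def demo():
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("hello\n")
        hostile = "notes.txt; echo INJECTED"  # constructed untrusted input
        return {
            "unsafe": show_unsafe(hostile, d),
            "safe": show_safe(hostile, d),
            "quoted": show_quoted(hostile, d),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result.returncode, repr(result.stdout))
```

In the unsafe call the shell runs a second command chosen by whoever supplied the file name; in the other two the whole string is treated as a (nonexistent) file name and cat fails.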