[Python-ideas] shutil.run (Was: shutil.runret and shutil.runout)

geremy condra debatem1 at gmail.com
Thu May 24 05:24:39 CEST 2012


On Wed, May 23, 2012 at 7:00 PM, Steven D'Aprano <steve at pearwood.info> wrote:

> anatoly techtonik wrote:
>
>> I am all ears how to make shutil.run() more secure. Right now I must
>> confess that I don't even realize how serious this problem is, so if
>> anyone can come up with a real-world example with an explanation of
>> the security concern that could be copied "as-is" into documentation, it
>> will surely be appreciated not only by me.
>>
>
> Start here:
>
> http://cwe.mitre.org/top25/index.html
>
> Code injection attacks include two of the top three security
> vulnerabilities, over even buffer overflows.
>
> One sub-category of code injection:
>
> OS Command Injection
> http://cwe.mitre.org/data/definitions/78.html


I talked about this in my pycon talk this year. It's easy to avoid and
disastrous to get wrong. Please don't do it this way.

Geremy Condra


> --
> Steven
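
An illustration of the OS command injection class (CWE-78) linked in the message above, added here as an example and not part of the original thread or of any proposed shutil.run code. The function names and sample inputs are constructed, and a POSIX /bin/sh with `echo` is assumed. It runs the same harmless `echo` three ways and reports whether each one treated the untrusted value as literal data.

```python
import shlex
import subprocess

# Constructed sample inputs standing in for untrusted text (e.g. a filename).
SAMPLES = ["report.txt", "docs; echo INJECTED", "$(echo INJECTED)", "a && echo INJECTED"]


def _stdout(cmd, shell):
    return subprocess.run(cmd, shell=shell, capture_output=True, text=True).stdout


def run_shell_concat(name):
    # Weak: /bin/sh parses the whole string, so metacharacters in `name` become syntax.
    return _stdout("echo listing " + name, shell=True)


def run_argv(name):
    # Hardened: no shell; `name` reaches the child as exactly one argv element.
    return _stdout(["echo", "listing", name], shell=False)


def run_shell_quoted(name):
    # Fallback when a shell is unavoidable: quote the value for POSIX sh.
    return _stdout("echo listing " + shlex.quote(name), shell=True)


def audit(samples=SAMPLES):
    """For each input, report whether each variant treated it as literal data."""
    results = {}
    for name in samples:
        expected = "listing " + name + "\n"
        results[name] = {
            "shell_concat": run_shell_concat(name) == expected,
            "argv": run_argv(name) == expected,
            "shell_quoted": run_shell_quoted(name) == expected,
        }
    return results


if __name__ == "__main__":
    for name, row in audit().items():
        print(repr(name), row)
```

Only the benign `report.txt` survives string concatenation unchanged; the argument-list and quoted variants pass every sample through as a single literal argument.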