cgi security
Jeff Epler
jepler at inetnebr.com
Tue Apr 3 09:03:10 EDT 2001
On Tue, 3 Apr 2001 08:59:09 +0100, Robin Becker
<robin at jessikat.fsnet.co.uk> wrote:
>Are there any possible break ins in lib/cgi.py that someone malicious
>could exploit? The classic exploits seem quite hard to find in python
>code unless people start using fixed length buffers etc, but are there
>other opportunities (perhaps more pythonic)?
There are no known problems in cgi.py itself (at any rate, none *I* know
about, and none listed obviously in the update messages for cgi.py at
least since Python 1.4), but cgi.py can be used poorly --- for instance,
x = cgi.FieldStorage()
system("echo %s" % x['something'].value)
is insecure when someone uses a url like
http://....../cgi-bin/bad.py?something=owned%3brm+-rf+/
(In this example, Perl has a slight advantage because "taint checks" can
flag this sort of thing)
There are plenty of other examples of this sort of thing.
Jeff
More information about the Python-list
mailing list