New submission from Saiyang Gou <gousaiyang...@gmail.com>:
Similar to `os.system` (which is already raising auditing event), the following functions are also capable of command execution, so they also need auditing: - os.execl - os.execle - os.execlp - os.execlpe - os.execv - os.execve - os.execvp - os.execvpe - os.posix_spawn - os.posix_spawnp - os.spawnl - os.spawnle - os.spawnlp - os.spawnlpe - os.spawnv - os.spawnve - os.spawnvp - os.spawnvpe - os.startfile - pty.spawn By the way, since `os.listdir`, `shutil.copytree` and `shutil.rmtree` are already being audited, is it necessary to audit file operations in the `os` module like `os.remove`? ---------- messages: 359177 nosy: Saiyang Gou priority: normal severity: normal status: open title: Many command execution functions are not raising auditing events type: security versions: Python 3.8, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue39184> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
