In article <[EMAIL PROTECTED]>,
"Gabriel Genellina" <[EMAIL PROTECTED]> writes:
|> <[EMAIL PROTECTED]> wrote in message 
|> news:[EMAIL PROTECTED]
|> 
|> > http://www.ddj.com/184405774;jsessionid=BDDEMUGJOPXUMQSNDLQCKHSCJUNN2JVN
|> >
|> > I saw a warning from homeland security about this.  I only comment on
|> > this because I am trying to use os.system('command1 arg') and it doesn't
|> > work but I do see examples with % that is borrowed from the C language.
|> > Seems like if I can write a batch file that does something the same
|> > behavior should happen in the os module.
|> 
|> Pure Python programs are not affected, but a review of the C implementation 
|> should be made to see if any (variant of) printf is used without a proper 
|> format. Anyway I doubt you could find something, because the vulnerability 
|> has been so well known for ages.

Not really.  There are LOTS of vulnerabilities that have been known
for ages and are still legion.  The reason that this is unlikely is
that it is both easy to spot and trivial to fix.


Regards,
Nick Maclaren.
-- 
http://mail.python.org/mailman/listinfo/python-list
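
Added example, not part of the original thread or of any CPython tooling: a heuristic review pass of the kind discussed above, flagging printf-family calls in C source whose format argument is not a string literal. The function names, the `FORMAT_ARG` table and the `SAMPLE` C snippet are constructed for illustration; the scan does not skip comments or character literals, so findings are candidates for manual review.

```python
import re

# Position of the format-string argument for each printf variant checked here.
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2}
CALL = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")

def split_args(src, start):
    """Split top-level call arguments; src[start] is the char after '('."""
    args, cur, depth, in_str, i = [], "", 0, False, start
    while i < len(src):
        ch = src[i]
        if in_str:                      # inside a C string literal
            cur += ch
            if ch == "\\":              # keep the escaped character as-is
                cur += src[i + 1:i + 2]
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str, cur = True, cur + ch
        elif ch == ")" and depth == 0:  # end of the call
            return args + [cur.strip()]
        elif ch == "," and depth == 0:  # argument separator
            args.append(cur.strip())
            cur = ""
        else:                           # track nested parentheses
            depth += (ch == "(") - (ch == ")")
            cur += ch
        i += 1
    return args                         # unterminated call: partial result

def find_nonliteral_formats(source):
    """Return (line, function, format_expr) for non-literal format arguments."""
    findings = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        idx = FORMAT_ARG[m.group(1)]
        if len(args) > idx and args[idx] and not args[idx].startswith('"'):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), args[idx]))
    return findings

# Constructed sample input: three calls to flag, two with a literal format.
SAMPLE = r'''
void report(const char *user_msg, char *buf, size_t n) {
    printf(user_msg);
    printf("%s\n", user_msg);
    fprintf(stderr, user_msg);
    snprintf(buf, n, "%d items (%s)", count(), user_msg);
    sprintf(buf, get_fmt(1, 2));
}
'''

if __name__ == "__main__":
    for line, func, expr in find_nonliteral_formats(SAMPLE):
        print(f"line {line}: {func}() format is not a literal: {expr}")
```

Each flagged call is fixed by passing the data as an argument to a literal format, as in the `printf("%s\n", user_msg)` line of the sample.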
