[issue21831] integer overflow in 'buffer' type allows reading memory

2014-09-25 Thread Henri Salo

Henri Salo added the comment:

CVE-2014-7185

--
nosy: +Henri.Salo

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21831
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue14579] Vulnerability in the utf-16 decoder after error handling

2012-04-25 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

Debian bug-report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389
Found in versions python3-defaults/3.2.3~rc1-2, 
python3-defaults/3.1.3-12+squeeze1

--
nosy: +Henri.Salo

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14579
___



[issue14579] Vulnerability in the utf-16 decoder after error handling

2012-04-25 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

I tested versions 3.1.1, 3.1.2, 3.1.3, 3.1.4 and 3.1.5 and only 3.1.3 crashed 
with Segmentation fault:

Program received signal SIGSEGV, Segmentation fault.
0x004c483a in PyObject_Call (func=0x77e4d3b0, arg=0x770fd410, kw=0x0) at Objects/abstract.c:2156
2156	    if ((call = func->ob_type->tp_call) != NULL) {

(gdb) bt
#0  0x004c483a in PyObject_Call (func=0x77e4d3b0, arg=0x770fd410, kw=0x0) at Objects/abstract.c:2156
#1  0x0045c437 in do_call (f=0x8929b0, throwflag=<value optimized out>) at Python/ceval.c:3982
#2  call_function (f=0x8929b0, throwflag=<value optimized out>) at Python/ceval.c:3785
#3  PyEval_EvalFrameEx (f=0x8929b0, throwflag=<value optimized out>) at Python/ceval.c:2548
#4  0x0045e675 in PyEval_EvalCodeEx (co=0x77159e30, globals=<value optimized out>, locals=<value optimized out>, args=0x0, argcount=1, kws=<value optimized out>, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at Python/ceval.c:3198
#5  0x0045e77b in PyEval_EvalCode (co=0x77e4d3b0, globals=0x770fd410, locals=0x0) at Python/ceval.c:668
#6  0x004800b2 in run_mod (fp=<value optimized out>, filename=<value optimized out>, flags=0x7fffe390) at Python/pythonrun.c:1711
#7  PyRun_InteractiveOneFlags (fp=<value optimized out>, filename=<value optimized out>, flags=0x7fffe390) at Python/pythonrun.c:1104
#8  0x004803ce in PyRun_InteractiveLoopFlags (fp=0x775346a0, filename=0x5312a1 "<stdin>", flags=0x7fffe390) at Python/pythonrun.c:1006
#9  0x00480bab in PyRun_AnyFileExFlags (fp=0x775346a0, filename=0x5312a1 "<stdin>", closeit=0, flags=0x7fffe390) at Python/pythonrun.c:975
#10 0x00496422 in Py_Main (argc=<value optimized out>, argv=<value optimized out>) at Modules/main.c:607
#11 0x00416e6e in main (argc=<value optimized out>, argv=<value optimized out>) at ./Modules/python.c:152

--
versions: +Python 3.1

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14579
___



[issue11662] Redirect vulnerability in urllib/urllib2

2011-03-28 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

CVE-2011-1521 has been assigned to this issue.

--
nosy: +Henri.Salo

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11662
___



[issue8890] Modules have dangerous examples in documentation

2010-06-05 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

No it does not.

http://www.owasp.org/index.php/Insecure_Temporary_File

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8890
___



[issue8890] Module logging has dangerous examples

2010-06-04 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

Please note that there are other similar examples as well, even on the same page.

--
status: closed -> open

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8890
___



[issue8890] Module logging has dangerous examples

2010-06-04 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

We should review all of these:

install/index.rst:   python setup.py build --build-base=/tmp/pybuild/foo-1.0
install/index.rst:   python setup.py install --install-base=/tmp
install/index.rst:would install pure modules to :file:`{/tmp/python/lib}` in the first case, and
install/index.rst:to :file:`{/tmp/lib}` in the second case.  (For the second case, you probably
install/index.rst:want to supply an installation base of :file:`/tmp/python`.)
library/pipes.rst:f=t.open('/tmp/1', 'w')
library/pipes.rst:open('/tmp/1').read()
library/mailcap.rst:mailcap.findmatch(d, 'video/mpeg', filename='/tmp/tmp1223')
library/mailcap.rst:   ('xmpeg /tmp/tmp1223', {'view': 'xmpeg %s'})
library/logging.rst:   LOG_FILENAME = '/tmp/logging_rotatingfile_example.out'
library/logging.rst:   /tmp/logging_rotatingfile_example.out
library/logging.rst:   /tmp/logging_rotatingfile_example.out.1
library/logging.rst:   /tmp/logging_rotatingfile_example.out.2
library/logging.rst:   /tmp/logging_rotatingfile_example.out.3
library/logging.rst:   /tmp/logging_rotatingfile_example.out.4
library/logging.rst:   /tmp/logging_rotatingfile_example.out.5
library/logging.rst:The most current file is always :file:`/tmp/logging_rotatingfile_example.out`,
library/logging.rst:   filename='/tmp/myapp.log',
library/logging.rst:which results in output (written to ``/tmp/myapp.log``) which should look
library/atexit.rst:   _count = int(open("/tmp/counter").read())
library/atexit.rst:   open("/tmp/counter", "w").write("%d" % _count)
library/imghdr.rst:imghdr.what('/tmp/bass.gif')
library/tempfile.rst: '/var/folders/5q/5qTPn6xq2RaWqk+1Ytw3-U+++TI/-Tmp-/tmpG7V1Y0'
library/tempfile.rst:  * On all other platforms, the directories :file:`/tmp`, :file:`/var/tmp`, and
library/tempfile.rst::file:`/usr/tmp`, in that order.
library/posixfile.rst:   file = posixfile.open('/tmp/test', 'w')
library/cgi.rst:   cgitb.enable(display=0, logdir="/tmp")
library/optparse.rst:   prog -v --report /tmp/report.txt foo bar
library/optparse.rst:takes one argument, ``/tmp/report.txt`` is an option argument.  ``foo`` and
library/rexec.rst:   :file:`/tmp` or uploading it to the :file:`/incoming` directory of your public
library/rexec.rst::file:`/tmp` to be written, we can subclass the :class:`RExec` class::
library/rexec.rst:   # check filename : must begin with /tmp/
library/rexec.rst:   if file[:5]!='/tmp/':
library/rexec.rst:   raise IOError("can't write outside /tmp")
library/rexec.rst:called :file:`/tmp/foo/../bar`.  To fix this, the :meth:`r_open` method would
library/rexec.rst:have to simplify the filename to :file:`/tmp/bar`, which would require splitting
library/compiler.rst::file:`/tmp/doublelib.py`.  ::
library/compiler.rst:mod = compiler.parseFile("/tmp/doublelib.py")
library/zipimport.rst:subdirectory.  For example, the path :file:`/tmp/example.zip/lib/` would only
library/zipimport.rst:   $ unzip -l /tmp/example.zip
library/zipimport.rst:   Archive:  /tmp/example.zip
library/zipimport.rst:sys.path.insert(0, '/tmp/example.zip')  # Add .zip file to front of path
library/zipimport.rst:   '/tmp/example.zip/jwzthreading.py'
library/trace.rst:   # make a report, placing output in /tmp
library/trace.rst:   r.write_results(show_missing=True, coverdir="/tmp")
library/nntplib.rst:f = open('/tmp/article')
library/bsddb.rst:db = bsddb.btopen('/tmp/spam.db', 'c')
library/sqlite3.rst::file:`/tmp/example` file::
library/sqlite3.rst:   conn = sqlite3.connect('/tmp/example')
tutorial/inputoutput.rst:f = open('/tmp/workfile', 'w')
tutorial/inputoutput.rst:   <open file '/tmp/workfile', mode 'w' at 80a0960>
tutorial/inputoutput.rst:f = open('/tmp/workfile', 'r+')
tutorial/inputoutput.rst: with open('/tmp/workfile', 'r') as f:
whatsnew/2.3.rst:   a...@nyman:~/src/python$ unzip -l /tmp/example.zip
whatsnew/2.3.rst:   Archive:  /tmp/example.zip
whatsnew/2.3.rst:sys.path.insert(0, '/tmp/example.zip')  # Add .zip file to front of path
whatsnew/2.3.rst:   '/tmp/example.zip/jwzthreading.py'
whatsnew/2.3.rst:subdirectory; for example, the path :file:`/tmp/example.zip/lib/` would only
whatsnew/2.3.rst:  os.stat("/tmp").st_mtime
whatsnew/2.3.rst:  os.stat("/tmp").st_mtime
whatsnew/2.0.rst:   output = UTF8_streamwriter( open( '/tmp/output', 'wb') )
whatsnew/2.0.rst:   input = UTF8_streamreader( open( '/tmp/output', 'rb') )
whatsnew/2.6.rst:  shutil.copytree('Doc/library', '/tmp/library',
whatsnew/2.6.rst:# to the /tmp directory.
whatsnew/2.6.rst:z.extract('Python/sysmodule.c', '/tmp')
whatsnew/2.6.rst:plistlib.writePlist(data_struct, '/tmp/customizations.plist')
whatsnew/2.6.rst:new_struct = plistlib.readPlist('/tmp/customizations.plist')
whatsnew/2.7.rst:-> ./python.exe argparse-example.py -v -o /tmp/output -C 4 file1 file2
whatsnew/2.7.rst:{'output': '/tmp/output',
whatsnew/2.4.rst:   sts

[issue8890] Module logging has dangerous examples

2010-06-04 Thread Henri Salo

Henri Salo he...@nerv.fi added the comment:

Please review the changes for the quality of the documentation. There are probably 
still more places to change. References can be made to: 
http://docs.python.org/library/tempfile.html#tempfile.mkstemp

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8890
___



[issue8890] Modules have dangerous examples in documentation

2010-06-04 Thread Henri Salo

Changes by Henri Salo he...@nerv.fi:


--
title: Module logging has dangerous examples -> Modules have dangerous examples in documentation

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8890
___



[issue8890] Module logging has dangerous examples

2010-06-03 Thread Henri Salo

New submission from Henri Salo he...@nerv.fi:

Module logging has dangerous examples as one can see from: 
http://docs.python.org/library/logging.html#simple-examples 15.6.1.1:

 import logging
 LOG_FILENAME = '/tmp/logging_example.out'
 logging.basicConfig(filename=LOG_FILENAME,level=logging.DEBUG)
 logging.debug('This message should go to the log file')

It is not very wise to guide programmers to create programming mistakes. More 
information about the situation from: 
http://www.owasp.org/index.php/Insecure_Temporary_File.

--
components: None
messages: 106982
nosy: Henri.Salo
priority: normal
severity: normal
status: open
title: Module logging has dangerous examples
type: security
versions: Python 2.6

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8890
___
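An added example, not code from this tracker thread or from CPython's documentation: the hardened counterpart to the `/tmp/logging_example.out` pattern reported above, built on the `tempfile.mkstemp` reference given in a later comment. It assumes a POSIX filesystem (the owner-only mode check reads POSIX permission bits); the function names `exclusive_create_refuses_existing`, `open_private_log`, `audit_log_file` and `demo` are my own.

```python
import logging
import os
import stat
import tempfile

def exclusive_create_refuses_existing(path):
    """O_CREAT|O_EXCL (plus O_NOFOLLOW where available) rejects anything already
    at `path`, so a pre-planted file or symlink is refused, not written through."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False

def open_private_log(prefix="myapp-", suffix=".log"):
    """Replacement for basicConfig(filename='/tmp/...'): mkstemp picks an
    unpredictable name, creates it exclusively with mode 0600, and the already
    open descriptor (not the name) is handed to logging."""
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=suffix)
    handler = logging.StreamHandler(os.fdopen(fd, "a", encoding="utf-8"))
    handler.setFormatter(logging.Formatter("%(levelname)s:%(message)s"))
    logger = logging.getLogger("private-log-" + path)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.addHandler(handler)
    return logger, path

def audit_log_file(path):
    """Regular file, not a symlink, owner-only mode (POSIX permission bits assumed)."""
    st = os.lstat(path)
    return {"regular": stat.S_ISREG(st.st_mode),
            "symlink": stat.S_ISLNK(st.st_mode),
            "owner_only": (st.st_mode & 0o077) == 0}

def demo():
    """Write one record as the docs example does, then audit the result."""
    logger, path = open_private_log()
    logger.debug("This message should go to the log file")
    for h in list(logger.handlers):
        logger.removeHandler(h)
        h.stream.close()  # closing the wrapper flushes the record to disk
    audit = audit_log_file(path)
    with open(path, encoding="utf-8") as f:
        content = f.read()
    refused = exclusive_create_refuses_existing(path)  # our own file is refused too
    os.unlink(path)
    return content, audit, refused
```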