[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Éric Araujo mer...@netwok.org added the comment: Looks good to me, except the last two lines which I would reword or just remove. I wonder how many people use shell=True merely for the convenience of passing a string instead of a list. What do you think about adding a mention of str.split and shlex.split? -- nosy: +eric.araujo type: security - behavior versions: -Python 2.6 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Chris Rebert pyb...@rebertia.com added the comment: the above Note mentioned in those last two lines demonstrates shlex.split() and correct tokenization. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
R. David Murray rdmur...@bitdance.com added the comment: Committed (as a warning) in r86419. Thanks, Chris. -- stage: patch review - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Chris Rebert pyb...@rebertia.com added the comment: Adjusted patch per R. David's comment. I obviously think it should be a full red warning box (that's how it is in my patch), but my opinion clearly isn't an outside one. Also, Ping/Bump on finally getting this applied. -- Added file: http://bugs.python.org/file18670/subprocess.rst.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
R. David Murray rdmur...@bitdance.com added the comment: Chris, thank you for the patch, sorry I didn't acknowledge it earlier. I think the core of the patch is good, though I will probably drop the text starting from To safely use... when I get time to apply it. I will also add a note along the lines of this applies also to Windows, although the details of the exploits differ. I would like input from others as to whether this should indeed be a red warning box, or is adequate as a note. We try to minimize the number of red boxes, but this may well be an appropriate case for one (I'm leaning that way myself). -- assignee: georg.brandl - d...@python nosy: +d...@python stage: needs patch - patch review ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Changes by Chris Rebert pyb...@rebertia.com: Added file: http://bugs.python.org/file18209/subprocess.rst.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Chris Rebert pyb...@rebertia.com added the comment: My apologies for the extra email... -- Added file: http://bugs.python.org/file18210/subprocess.rst.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Changes by Chris Rebert pyb...@rebertia.com: Removed file: http://bugs.python.org/file18209/subprocess.rst.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Chris Rebert pyb...@rebertia.com added the comment: I found some extra time. Here's an initial suggested patch against py3k head. Disclaimer: I have no special expertise in computer security beyond having read Secure Coding: Principles and Practices a while back. -- keywords: +patch Added file: http://bugs.python.org/file18136/subprocess.rst.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Changes by Terry J. Reedy tjre...@udel.edu: -- nosy: -tjreedy ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
R. David Murray rdmur...@bitdance.com added the comment: Since the other bug was about a different topic and was closed as fixed, I'd rather have this issue open. What I've done instead is merge the nosy list from the other bug...anyone who is not interested can of course opt out of this one. Christoph, would you care to suggest a patch? -- nosy: +benjamin.peterson, brian.curtin, cvrebert, ncoghlan, pitrou, r.david.murray, tjreedy resolution: duplicate - accepted stage: committed/rejected - needs patch status: closed - open superseder: patch to subprocess docs to better explain Popen's 'args' argument - versions: +Python 2.7, Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Chris Rebert pyb...@rebertia.com added the comment: I'm busy with finding an apartment and taking exams for the next week-or-so, but after that I'll try and suggest a patch. If anyone wants to have a crack at it between now and then, don't let me stop you. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Christoph Neuroth christoph.neur...@googlemail.com added the comment: You're right, that has been improved in regard to how you can do it instead. However, I still think it lacks to mention the security risk involved - compare this to e.g. os.tempnam(), which has a warning in a red box. -- status: closed - open ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Eric Smith e...@trueblade.com added the comment: If you want to generate some more discussion, I suggest you close this issue and reopen the other one, since that has more people on the nosy list. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Christoph Neuroth christoph.neur...@googlemail.com added the comment: Good idea :) -- status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
New submission from Christoph Neuroth christoph.neur...@googlemail.com: Currently, the documentation of subprocess only says Calling the program through the shell is usually not required.. IMHO there should be a real warning (like, in its own box with a couple of big exclamation marks ;)) about the security implications of using this and detailed instructions of how to avoid it. People tend to use this functionality just because they know how to use the shell and its just so convenient - and by doing so they create huge security holes in their applications. -- assignee: georg.brandl components: Documentation messages: 99465 nosy: christoph.neuroth, georg.brandl severity: normal status: open title: subprocess.Popen documentation should contain a good warning about the security implications when using shell=True type: security versions: Python 2.6, Python 3.1 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7950] subprocess.Popen documentation should contain a good warning about the security implications when using shell=True
Eric Smith e...@trueblade.com added the comment: This was just discussed in issue 6760. -- nosy: +eric.smith resolution: - duplicate stage: - committed/rejected status: open - closed superseder: - patch to subprocess docs to better explain Popen's 'args' argument ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue7950 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com