Author r.david.murray
Recipients TheRegRunner, r.david.murray
Date 2015-08-03.18:44:10
Message-id <1438627450.99.0.873703919599.issue24778@psf.upfronthosting.co.za>
In this case os.system is an appropriate API, because it mirrors the API of mailcap itself (that is, mailcap entries are shell commands).  

I'm not convinced there is a security bug here.  It seems to me that there are two cases: either the filename is determined by the program, in which case there is no security issue, or the filename comes from an external source, and the program will have had to *write it to the file system* before the mailcap command will do anything.  So the security hole, if any, will have happened earlier in the process.

Now, one can argue that the quoting should be done in order to preserve the meaning of an arbitrary filename.  Which would allay your concern even if I disagree that it is a real security bug :)

(I don't understand why run-mailcap uses an alias rather than correctly quoting the meta-characters.)
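Added example (not code from the tracker discussion or from CPython's mailcap module): it mirrors mailcap's `%s` substitution with a constructed entry and compares an unquoted substitution against one wrapped in `shlex.quote`, tokenising the result the way a POSIX shell would instead of executing it, so the effect of quoting on an arbitrary filename is visible.

```python
import shlex

# Constructed mailcap-style entry; real entries come from ~/.mailcap or /etc/mailcap.
# The %s placeholder is replaced by the filename, and the result is a shell command line.
MAILCAP_ENTRY = "xdg-open %s"


def subst_unquoted(entry: str, filename: str) -> str:
    """Paste the filename into the command verbatim (the behaviour under discussion)."""
    return entry.replace("%s", filename)


def subst_quoted(entry: str, filename: str) -> str:
    """Same substitution, but the filename is shell-quoted so it stays a single word."""
    return entry.replace("%s", shlex.quote(filename))


def shell_words(command: str) -> list[str]:
    """Split the command into words as a POSIX shell would, without running it.

    shlex.split only shows word boundaries; a real shell would additionally treat
    characters such as ';' as command separators, which is why the word count matters.
    """
    return shlex.split(command)


if __name__ == "__main__":
    # Constructed filename containing whitespace and a shell meta-character.
    name = "my report; notes.txt"
    for label, cmd in (("unquoted", subst_unquoted(MAILCAP_ENTRY, name)),
                       ("quoted", subst_quoted(MAILCAP_ENTRY, name))):
        print(f"{label:9s} {cmd!r} -> {shell_words(cmd)}")
```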