Message 179797 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	neologix
Recipients	neologix
Date	2013-01-12.14:14:39
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1358000083.64.0.0773347996342.issue16945@psf.upfronthosting.co.za>
In-reply-to

Content
On Unix, CGIHTTPRequestHandler.run_cgi() uses the following code to run a CGI script: """ pid = os.fork() [...] # Child try: try: os.setuid(nobody) except OSError: pass os.dup2(self.rfile.fileno(), 0) os.dup2(self.wfile.fileno(), 1) os.execve(scriptfile, args, env) """ It's basically reimplementing subprocess.Popen, with a potential securiy issue: open file descriptors are not closed before exec, which means that the CGI script - which is run as 'nobody' on Unix to reduce its priviledges - can inherit open sockets or files (unless they're close-on-exec)... The attached patch rewrites run_cgi() to use subprocess on all platorms. I'm not at all familiar with CGI, so I don't guarantee it's correct, but the regression test test_httpservers passes on Linux. It leads to cleaner and safer code, so if someone with some httpsever/CGI background could review it, it would be great.

On Unix, CGIHTTPRequestHandler.run_cgi() uses the following code to run a CGI script:
"""
            pid = os.fork()
            [...]            
            # Child
            try:
                try:
                    os.setuid(nobody)
                except OSError:
                    pass
                os.dup2(self.rfile.fileno(), 0)
                os.dup2(self.wfile.fileno(), 1)
                os.execve(scriptfile, args, env)
"""

It's basically reimplementing subprocess.Popen, with a potential securiy issue: open file descriptors are not closed before exec, which means that the CGI script - which is run as 'nobody' on Unix to reduce its priviledges - can inherit open sockets or files (unless they're close-on-exec)...

The attached patch rewrites run_cgi() to use subprocess on all platorms.
I'm not at all familiar with CGI, so I don't guarantee it's correct, but  the regression test test_httpservers passes on Linux.

It leads to cleaner and safer code, so if someone with some httpsever/CGI background could review it, it would be great.

History
Date	User	Action	Args
2013-01-12 14:14:44	neologix	set	recipients: + neologix
2013-01-12 14:14:43	neologix	set	messageid: <1358000083.64.0.0773347996342.issue16945@psf.upfronthosting.co.za>
2013-01-12 14:14:43	neologix	link	issue16945 messages
2013-01-12 14:14:42	neologix	create