Message 254670 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	TheRegRunner
Recipients	TheRegRunner, dstufft, eric.araujo
Date	2015-11-14.21:13:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1447535612.69.0.122030151224.issue25627@psf.upfronthosting.co.za>
In-reply-to

Content
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1514183 File : /usr/lib/python2.7/distutils/command/bdist_rpm.py Line 358 : This line in the code uses the depreached os.popen command, should be replaced with subprocess.Popen() : out = os.popen(q_cmd) Exploit demo : ============ 1) Download the setup.py script witch i attached 2) Create a test folder an put the setup.py script in this folder 3) cd to the test folder 4) python setup.py bdist_rpm 5) A xmessage window pops up as a proof of concept

https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1514183

File :
/usr/lib/python2.7/distutils/command/bdist_rpm.py

Line 358 :
This line in the code uses the depreached os.popen command, should be replaced with subprocess.Popen() :

out = os.popen(q_cmd)

Exploit demo :
============
1) Download the setup.py script witch i attached
2) Create a test folder an put the setup.py script in this folder
3) cd to the test folder
4) python setup.py bdist_rpm
5) A xmessage window pops up as a proof of concept

History
Date	User	Action	Args
2015-11-14 21:13:32	TheRegRunner	set	recipients: + TheRegRunner, eric.araujo, dstufft
2015-11-14 21:13:32	TheRegRunner	set	messageid: <1447535612.69.0.122030151224.issue25627@psf.upfronthosting.co.za>
2015-11-14 21:13:32	TheRegRunner	link	issue25627 messages
2015-11-14 21:13:32	TheRegRunner	create