Message 359177 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gousaiyang
Recipients	gousaiyang
Date	2020-01-01.23:10:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1577920203.73.0.648457466575.issue39184@roundup.psfhosted.org>
In-reply-to

Content
Similar to `os.system` (which is already raising auditing event), the following functions are also capable of command execution, so they also need auditing: - os.execl - os.execle - os.execlp - os.execlpe - os.execv - os.execve - os.execvp - os.execvpe - os.posix_spawn - os.posix_spawnp - os.spawnl - os.spawnle - os.spawnlp - os.spawnlpe - os.spawnv - os.spawnve - os.spawnvp - os.spawnvpe - os.startfile - pty.spawn By the way, since `os.listdir`, `shutil.copytree` and `shutil.rmtree` are already being audited, is it necessary to audit file operations in the `os` module like `os.remove`?

Similar to `os.system` (which is already raising auditing event), the following functions are also capable of command execution, so they also need auditing:

- os.execl
- os.execle
- os.execlp
- os.execlpe
- os.execv
- os.execve
- os.execvp
- os.execvpe
- os.posix_spawn
- os.posix_spawnp
- os.spawnl
- os.spawnle
- os.spawnlp
- os.spawnlpe
- os.spawnv
- os.spawnve
- os.spawnvp
- os.spawnvpe
- os.startfile
- pty.spawn

By the way, since `os.listdir`, `shutil.copytree` and `shutil.rmtree` are already being audited, is it necessary to audit file operations in the `os` module like `os.remove`?

History
Date	User	Action	Args
2020-01-01 23:10:03	gousaiyang	set	recipients: + gousaiyang
2020-01-01 23:10:03	gousaiyang	set	messageid: <1577920203.73.0.648457466575.issue39184@roundup.psfhosted.org>
2020-01-01 23:10:03	gousaiyang	link	issue39184 messages
2020-01-01 23:10:03	gousaiyang	create