Message 398018 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steven.daprano
Recipients	San, steven.daprano
Date	2021-07-23.00:48:20
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1627001301.15.0.553119987996.issue44709@roundup.psfhosted.org>
In-reply-to

Content
I might be missing something here, but if you send arbitrary binary data to stdout, where it gets written to the terminal, strange things are likely to happen. The terminal interprets the shell characters before Python gets to see them. I think that this is pretty much unavoidable. The Security Considerations section in the docs is about avoiding shell code injection attacks by sending unescaped data to the shell, it isn't relevant to the reverse situation where the process sends terminal control codes back.

I might be missing something here, but if you send arbitrary binary data to stdout, where it gets written to the terminal, strange things are likely to happen. The terminal interprets the shell characters before Python gets to see them.

I think that this is pretty much unavoidable.

The Security Considerations section in the docs is about avoiding shell code injection attacks by sending unescaped data to the shell, it isn't relevant to the reverse situation where the process sends terminal control codes back.

History
Date	User	Action	Args
2021-07-23 00:48:21	steven.daprano	set	recipients: + steven.daprano, San
2021-07-23 00:48:21	steven.daprano	set	messageid: <1627001301.15.0.553119987996.issue44709@roundup.psfhosted.org>
2021-07-23 00:48:21	steven.daprano	link	issue44709 messages
2021-07-23 00:48:20	steven.daprano	create