
Author vstinner
Recipients Yongjik Kim, blueyed, christian.heimes, coldfix, kernc, mpaolini, ncoghlan, nedbat, vstinner, xtreak
Date 2021-12-13.23:29:50
Message-id <1639438190.25.0.310533517336.issue34624@roundup.psfhosted.org>
Content
> Adding regular expression support to -W and PYTHONWARNINGS env var turns the options into potential attack vectors.

Why would an attacker control these options?

If an attacker controls how Python is run, there are more efficient ways to take control of Python and execute arbitrary code than just triggering a denial of service, no?
History
Date User Action Args
2021-12-13 23:29:50 vstinner set recipients: + vstinner, ncoghlan, blueyed, christian.heimes, nedbat, mpaolini, kernc, xtreak, coldfix, Yongjik Kim
2021-12-13 23:29:50 vstinner set messageid: <1639438190.25.0.310533517336.issue34624@roundup.psfhosted.org>
2021-12-13 23:29:50 vstinner link issue34624 messages
2021-12-13 23:29:50 vstinner create