Message408498
> Adding regular expression support to -W and PYTHONWARNINGS env var turns the options into potential attack vectors.
Why would an attacker control these options?
If an attacker controls how Python is run, they are more efficient way to take control of Python and execute arbitrary code, than just trigger a denial of service, no |
|
Date |
User |
Action |
Args |
2021-12-13 23:29:50 | vstinner | set | recipients:
+ vstinner, ncoghlan, blueyed, christian.heimes, nedbat, mpaolini, kernc, xtreak, coldfix, Yongjik Kim |
2021-12-13 23:29:50 | vstinner | set | messageid: <1639438190.25.0.310533517336.issue34624@roundup.psfhosted.org> |
2021-12-13 23:29:50 | vstinner | link | issue34624 messages |
2021-12-13 23:29:50 | vstinner | create | |
|