[issue44709] [3.7] Popen Control Characters in stdout affect shell session
Steven D'Aprano
report at bugs.python.org
Thu Jul 22 20:48:21 EDT 2021
Steven D'Aprano <steve+python at pearwood.info> added the comment:
I might be missing something here, but if you send arbitrary binary data to stdout, where it gets written to the terminal, strange things are likely to happen. The terminal interprets the shell characters before Python gets to see them.
I think that this is pretty much unavoidable.
The Security Considerations section in the docs is about avoiding shell code injection attacks by sending unescaped data to the shell, it isn't relevant to the reverse situation where the process sends terminal control codes back.
----------
nosy: +steven.daprano
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44709>
_______________________________________
More information about the Python-bugs-list
mailing list