when format strings attack
Gabriel Genellina
gagsl-py at yahoo.com.ar
Fri Jan 19 10:44:59 EST 2007
<Eric_Dexter at msn.com> wrote in message
news:1169207467.989977.162940 at q2g2000cwa.googlegroups.com...
> http://www.ddj.com/184405774;jsessionid=BDDEMUGJOPXUMQSNDLQCKHSCJUNN2JVN
>
> I saw a warning from homeland security about this. I only comment on
> this because I am trying to use os.system('command1 arg') and it doesn't
> work but I do see examples with % that is borrowed from the C language.
> Seems like if I can write a batch file that does something the same
> behavior should happen in the os module.
Pure Python programs are not affected, but a review of the C implementation
should be made to see if any (variant of) printf is used without a proper
format. Anyway I doubt you could find something, because the vulnerability
has been so well known for ages.
--
Gabriel Genellina
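
One way to carry out the review described in the reply above, as an added example (not part of the original message, and not CPython's own tooling): a heuristic Python scanner that flags printf-family calls in C source whose format argument is not a string literal. The function table, all names and the sample C fragment are assumptions constructed for illustration; comments, macros and wrapper functions are not handled.

```python
import re

# Position (0-based) of the format argument in common printf-family calls.
FORMAT_ARG = {"printf": 0, "vprintf": 0, "fprintf": 1, "vfprintf": 1,
              "sprintf": 1, "vsprintf": 1, "syslog": 1,
              "snprintf": 2, "vsnprintf": 2}
CALL = re.compile(r"\b(%s)\s*\(" % "|".join(FORMAT_ARG))
# A C string literal, a single delimiter, or a run of other characters.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[(),]|[^"(),]+')
# One or more adjacent C string literals, e.g. "a" "b".
LITERAL = re.compile(r'^(?:"(?:[^"\\]|\\.)*"\s*)+$')

def split_args(text, pos):
    """Return the top-level arguments of a call; pos is just after its '('."""
    args, cur, depth = [], "", 0
    for m in TOKEN.finditer(text, pos):
        tok = m.group()
        if tok == "(":
            depth += 1
        elif tok == ")":
            if depth == 0:            # closing paren of the call itself
                return args + [cur.strip()]
            depth -= 1
        elif tok == "," and depth == 0:
            args.append(cur.strip())  # argument boundary
            cur = ""
            continue
        cur += tok                    # string literals arrive as one token
    return args                       # unterminated call: partial result

def find_nonliteral_formats(source):
    """List (line, function, format_expr) where the format is not a literal."""
    findings = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        fmt = FORMAT_ARG[m.group(1)]
        if fmt < len(args) and not LITERAL.match(args[fmt]):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), args[fmt]))
    return findings

# Constructed C fragment used as sample input (not from any real project).
SAMPLE = r'''printf("hello %s\n", name);
printf(name);
fprintf(stderr, "%s", name);
snprintf(buf, sizeof(buf), name);
snprintf(buf, sizeof(buf), "%d, %s", 1, name);
'''

if __name__ == "__main__":
    for line, func, expr in find_nonliteral_formats(SAMPLE):
        print("line %d: %s() format argument is %r" % (line, func, expr))
```

A flagged call is a candidate for manual review, not a confirmed bug; GCC's `-Wformat-security` warning performs a comparable check at compile time.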