Python script isn't producing text in data file

Chris Angelico rosuav at gmail.com
Wed Dec 10 21:50:09 EST 2014


On Thu, Dec 11, 2014 at 1:41 PM, Steven D'Aprano <steve at pearwood.info> wrote:
> On Thu, 11 Dec 2014 12:44:51 +1100, Chris Angelico wrote:
>
>> Agreed. There are ways around some of those problems (eg using wget to
>> fetch something, and then looking at it in a text editor - it's hard to
>> get pwned through a text editor... though I won't say impossible), but
>> there are other issues too, and all in all, it's just best to include
>> the text in-line.
>
> I believe that there was a recently discovered exploit on Linux where
> viewing a file with "less" could run arbitrary code.

Which is why I refused to say "impossible" :) Although you gain the
additional benefit of an unpredictable attack vector; one person might
use 'less', another might open it in SciTE, a third might just cat the
file and scroll through it some other way. It's hard to aim at a
target that exists in so many pieces, and probably isn't worth the
effort of attacking.

ChrisA


