[issue36021] [Security][Windows] webbrowser: WindowsDefault uses os.startfile() and so can be abused to run arbitrary commands
Stéphane Wirtel
report at bugs.python.org
Wed Feb 20 07:34:18 EST 2019
Stéphane Wirtel <stephane at wirtel.be> added the comment:
Windows has the GetBinaryTypeW function, this one is used by pywin32, maybe I could develop a wrapper in os, like os.is_executable(path)
for Unix-like, os.is_executable(path) could use os.access(path, os.X_OK)
for Windows, the function would use GetBinaryTypeW.
my 2 cents.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36021>
_______________________________________
More information about the Python-bugs-list
mailing list