[issue34624] -W option and PYTHONWARNINGS env variable does not accept module regexes
STINNER Victor
report at bugs.python.org
Mon Dec 13 18:29:50 EST 2021
STINNER Victor <vstinner at python.org> added the comment:
> Adding regular expression support to -W and PYTHONWARNINGS env var turns the options into potential attack vectors.
Why would an attacker control these options?
If an attacker controls how Python is run, they are more efficient way to take control of Python and execute arbitrary code, than just trigger a denial of service, no
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34624>
_______________________________________
More information about the Python-bugs-list
mailing list