[issue46251] logger.config.configure_formatter executes arbitrary code
MarkBaggett
report at bugs.python.org
Mon Jan 3 17:58:37 EST 2022
MarkBaggett <lo127001 at gmail.com> added the comment:
"Don't load untrusted config files" is the answer I expected. It's the only safe answer, really. But is there really a mechanism to provide trust of an external config file other than file permissions? It doesn't seem like HMAC or digital signatures work because you have to provide a mechanism to re-sign it every time they change a config. So an attacker could just re-sign after adding the exploit. Maybe file permissions are all we have.
Is it reasonable to say that all classes resolved by _resolve() and resolve() should have "logger." at the top of them? If not, perhaps the object could have a permitted list of top-level packages that defaults to just "logger." but could be extended to others by the developer.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46251>
_______________________________________
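One way to implement the permitted-list idea from the comment above, as an added example that is not from the bug report or from CPython: a pre-check that walks a dict config before handing it to logging.config.dictConfig() and refuses any dotted name it would resolve ("()" factory keys, "class" keys, and, going slightly beyond the comment, "ext://" values, which dictConfig also resolves) whose top-level package is not on an allowlist that defaults to the logging package itself (the comment's "logger."). The sample configs and the name ext_module.make_formatter are constructed for this example.

```python
import logging.config

# Default allowlist of top-level package prefixes a config may resolve names
# from, as the comment suggests; "logging." is the package's real name.
ALLOWED_PREFIXES = ("logging.",)

def dotted_names(config):
    """Yield every dotted name dictConfig would pass to resolve(): the '()'
    factory key, the 'class' key, and any 'ext://' value it converts."""
    if isinstance(config, dict):
        for key, value in config.items():
            if key in ("()", "class") and isinstance(value, str):
                yield value
            else:
                yield from dotted_names(value)
    elif isinstance(config, (list, tuple)):
        for item in config:
            yield from dotted_names(item)
    elif isinstance(config, str) and config.startswith("ext://"):
        yield config[len("ext://"):]

def disallowed_names(config, allowed_prefixes=ALLOWED_PREFIXES):
    """Return the dotted names that fall outside the allowed packages."""
    prefixes = tuple(allowed_prefixes)
    return [n for n in dotted_names(config) if not n.startswith(prefixes)]

def safe_dict_config(config, allowed_prefixes=ALLOWED_PREFIXES):
    """Refuse the whole config if any name is outside the allowlist,
    otherwise hand it to logging.config.dictConfig as usual."""
    bad = disallowed_names(config, allowed_prefixes)
    if bad:
        raise ValueError(f"config resolves names outside allowed packages: {bad}")
    logging.config.dictConfig(config)

# Constructed sample config that stays inside the logging package.
GOOD_CONFIG = {"version": 1,
               "formatters": {"plain": {"()": "logging.Formatter"}},
               "handlers": {"console": {"class": "logging.StreamHandler", "formatter": "plain"}},
               "root": {"handlers": ["console"]}}
# Constructed sample config; ext_module.make_formatter is a hypothetical name.
BAD_CONFIG = {"version": 1,
              "formatters": {"plain": {"()": "ext_module.make_formatter"}},
              "handlers": {"console": {"class": "logging.StreamHandler",
                                       "formatter": "plain", "stream": "ext://sys.stderr"}},
              "root": {"handlers": ["console"]}}
```

A developer who legitimately needs "ext://sys.stderr" extends the allowlist, e.g. ("logging.", "sys."), which is exactly the extension point the comment describes.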