Undocumented risky behaviour in subprocess module #101283
Comments
|
FYI,
Note that if If you define |
|
FYI - this originally came in as a security report to PSRT. I redirected the reporter here (thanks for reporting this!) as this didn't seem serious enough to be embargoed. I'm still tagging it as such and aiming for a full set of backports as it feels like a good idea. |
…ue on Windows (pythonGH-101286) (cherry picked from commit 23751ed) Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
…ue on Windows (pythonGH-101286) (cherry picked from commit 23751ed) Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
…ue on Windows (pythonGH-101286) (cherry picked from commit 23751ed) Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
|
The versionchanged markers in several of the PRs are inaccurate. |
|
The backports are not merged yet - do you want to just fix it there? |
|
Ah I see, it's only the versions in |
….11.3 (pythonGH-101719) (cherry picked from commit 0e0c5d8) Co-authored-by: Steve Dower <steve.dower@python.org>
|
Fully merged, and all the fixes should be in (I hope). Thanks all! |
* main: (82 commits) pythongh-101670: typo fix in PyImport_ExtendInittab() (python#101723) pythonGH-99293: Document that `Py_TPFLAGS_VALID_VERSION_TAG` shouldn't be used. (#pythonGH-101736) no-issue: Add Dong-hee Na as the cjkcodecs codeowner (pythongh-101731) pythongh-101678: Merge math_1_to_whatever() and math_1() (python#101730) pythongh-101678: refactor the math module to use special functions from c11 (pythonGH-101679) pythongh-85984: Remove legacy Lib/pty.py code. (python#92365) pythongh-98831: Use opcode metadata for stack_effect() (python#101704) pythongh-101283: Version was just released, so should be changed in 3.11.3 (pythonGH-101719) pythongh-101283: Fix use of unbound variable (pythonGH-101712) pythongh-101283: Improved fallback logic for subprocess with shell=True on Windows (pythonGH-101286) pythongh-101277: Port more itertools static types to heap types (python#101304) pythongh-98831: Modernize CALL and family (python#101508) pythonGH-101696: invalidate type version tag in `_PyStaticType_Dealloc` (python#101697) pythongh-100221: Fix creating dirs in `make sharedinstall` (pythonGH-100329) pythongh-101670: typo fix in PyImport_AppendInittab() (pythonGH-101672) pythongh-101196: Make isdir/isfile/exists faster on Windows (pythonGH-101324) pythongh-101614: Don't treat python3_d.dll as a Python DLL when checking extension modules for incompatibility (pythonGH-101615) pythongh-100933: Improve `check_element` helper in `test_xml_etree` (python#100934) pythonGH-101578: Normalize the current exception (pythonGH-101607) pythongh-47937: Note that Popen attributes are read-only (python#93070) ...
* main: Fix some typos in asdl_c.py (pythonGH-101757) pythongh-101747: Fix refleak in new `OrderedDict` repr (pythonGH-101748) pythongh-101430: Update tracemalloc to handle presize properly. (pythongh-101745) pythonGH-101228: Fix typo in docstring for read method of `_io.TextIOWrapper` class (python#101227) Fix typo in `test_fstring.py` (python#101600) pythongh-101726: Update the OpenSSL version to 1.1.1t (pythonGH-101727) pythongh-101283: Fix 'versionchanged' for the shell=True fallback on Windows in 3.12 (pythonGH-101728) LibFFI build requires x64 Cygwin, and skip the ARM build (pythonGH-101743)
Bug report - Undocumented risky behaviour in subprocess module
When using
subprocess.Popenwithshell=Trueon Windows and without aCOMSPECenvironment variable, acmd.exeis launched. The problem is thecmd.exefull path is not written, Windows will search the executable in the current directory and in the PATH. If an arbitrary executable file is written to the current directory or to a directory in the PATH, it can be run instead of the real cmd.exe.See the code here and a POC here.
cmd.exestring byC:\WINDOWS\system32\cmd.exe.Linked PRs
versionchangedof gh-101283 (3.12 only) #101728The text was updated successfully, but these errors were encountered: