Python rexec and Bastion flaws

To: debian-python@lists.debian.org
Cc: security@debian.org
Subject: Python rexec and Bastion flaws
From: Bastian Kleineidam <calvin@debian.org>
Date: Mon, 20 Jan 2003 22:10:16 +0100
Message-id: <20030120211015.GD12749@treasure>
Mail-followup-to: debian-python@lists.debian.org, security@debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I just read this Post from Guido van Rossum[1] that the rexec.py and
Bastian.py modules have severe security flaws. These modules will be
disabled in the next 2.2 and 2.3 releases to avoid security risks.
[1] http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org

I suggest to disable the above two modules in python2.2 (which is in
woody), even if existing applications can break. What do you think?


Cheers, Bastian

- -- 
     Bastian Kleineidam

 Atombombe · Plutonium · Fat Man · Do it Yourself · Tim Taylor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+LGW3eBwlBDLsbz4RAu+ZAKDN5VLaGu+PLBRTaSegm6slrw2O8QCfQ0Ts
PbQcu2UTjLbDq38JnGFk32Y=
=YLz7
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Python rexec and Bastion flaws
  - From: Matthias Klose <doko@cs.tu-berlin.de>
- Re: Python rexec and Bastion flaws
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: Need Help with Efforts to Package PreScript 2.2
Next by Date: Re: Python rexec and Bastion flaws
Previous by thread: Re: Need Help with Efforts to Package PreScript 2.2
Next by thread: Re: Python rexec and Bastion flaws
Index(es):
- Date
- Thread