Re: Python rexec and Bastion flaws
Bastian Kleineidam writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I just read this Post from Guido van Rossum[1] that the rexec.py and
> Bastian.py modules have severe security flaws. These modules will be
> disabled in the next 2.2 and 2.3 releases to avoid security risks.
> [1] http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org
>
> I suggest to disable the above two modules in python2.2 (which is in
> woody), even if existing applications can break. What do you think?
as long as the upgrade situation is not resolved (new versions in
security and woody-proposed-updates), an upload does not make any
sense.
what about providing a patch to _ask_ the user, if the two modules
should be installed? (no, I don't write it).
Reply to: