Re: Python rexec and Bastion flaws
Bastian Kleineidam wrote:
> Hi,
>
> I just read this Post from Guido van Rossum[1] that the rexec.py and
> Bastian.py modules have severe security flaws. These modules will be
> disabled in the next 2.2 and 2.3 releases to avoid security risks.
> [1] http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org
Ouch. It's very sad that upstream says that they don't have the resources
to fix security bugs in a widely used software.
> I suggest to disable the above two modules in python2.2 (which is in
> woody), even if existing applications can break. What do you think?
I'd rather know about the vulnerability (and maybe doko is able to
implement a fix) than to blindly castrate software. Theo d.R. already
taught us that blindly releasing updates are not good.
Regards,
Joey
--
Given enough thrust pigs will fly, but it's not necessarily a good idea.
Reply to: