
Re: Python rexec and Bastion flaws



Bastian Kleineidam wrote:
> Hi,
> 
> I just read this post from Guido van Rossum[1] that the rexec.py and
> Bastion.py modules have severe security flaws. These modules will be
> disabled in the next 2.2 and 2.3 releases to avoid security risks.
> [1] http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org

Ouch.  It's very sad that upstream says that they don't have the resources
to fix security bugs in widely used software.

> I suggest disabling the above two modules in python2.2 (which is in
> woody), even if existing applications can break. What do you think?

I'd rather know about the vulnerability (and maybe doko is able to
implement a fix) than to blindly castrate software.  Theo d.R. already
taught us that blindly releasing updates is not good.

Regards,

	Joey

-- 
Given enough thrust pigs will fly, but it's not necessarily a good idea.


