PEP 446: add example of vulnerabilities

Victor Stinner 2013-08-10 00:51:14 +02:00
parent 6196392414
commit a3ed1793a7
1 changed files with 33 additions and 13 deletions


@ -140,19 +140,6 @@ Two common issues with inherited file descriptors:
the server restarts while the program is not done: the server cannot
start because the TCP port is still in use.
Leaking file descriptors is also a well known security vulnerability:
read
`FIO42-C. Ensure files are properly closed when they are no longer
needed
<https://www.securecoding.cert.org/confluence/display/seccode/FIO42-C.+Ensure+files+are+properly+closed+when+they+are+no+longer+needed>`_
of the CERT.
An untrusted child process can read sensitive data like passwords and
take control of the parent process though leaked file descriptors. It is
for example a way to escape from a chroot. With a leaked listening
socket, a child process can accept new connections to read sensitive
data.
Example of issues in open source projects:
* `Mozilla (Firefox) <https://bugzilla.mozilla.org/show_bug.cgi?id=147659>`_:
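Review bot: This hunk is a pure relocation (the eleven deleted lines reappear verbatim in the new "Security Vulnerability" section in the next hunk), but the deletion leaves the surviving "Example of issues in open source projects:" list attached only to the two non-security examples introduced by "Two common issues with inherited file descriptors:", so the Mozilla entry and its siblings are no longer framed as security issues at all. Consider adding a sentence before "Example of issues in open source projects:" that says these are the port-in-use / file-still-locked kind of leak, or cross-reference the new section, so a reader does not assume the security discussion was dropped rather than moved.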
@ -178,6 +165,39 @@ Example of issues in open source projects:
open since 2012-07
Security Vulnerability
----------------------
Leaking file descriptors is also a well known security vulnerability:
read
`FIO42-C. Ensure files are properly closed when they are no longer
needed
<https://www.securecoding.cert.org/confluence/display/seccode/FIO42-C.+Ensure+files+are+properly+closed+when+they+are+no+longer+needed>`_
of the CERT.
An untrusted child process can read sensitive data like passwords and
take control of the parent process though leaked file descriptors. It is
for example a way to escape from a chroot. With a leaked listening
socket, a child process can accept new connections to read sensitive
data.
Example of vulnerabilities:
* `Hijacking Apache https by mod_php
<http://www.securityfocus.com/archive/1/348368>`_ (2003)
* Apache: `Apr should set FD_CLOEXEC if APR_FOPEN_NOCLEANUP is not set
<https://issues.apache.org/bugzilla/show_bug.cgi?id=46425>`_:
fixed in 2009
* PHP: `system() (and similar) don't cleanup opened handles of Apache
<https://bugs.php.net/bug.php?id=38915>`_: open since 2006
* `CWE-403: Exposure of File Descriptor to Unintended Control Sphere
<http://cwe.mitre.org/data/definitions/403.html>`_ (2008)
* `OpenSSH Security Advisory: portable-keysign-rand-helper.adv
<http://www.openssh.com/txt/portable-keysign-rand-helper.adv>`_
(2011)
Issues fixed in the subprocess module
-------------------------------------
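Review bot: The moved paragraph is copied into the new "Security Vulnerability" section without touching its wording, so two problems travel with it: "Leaking file descriptors is also a well known security vulnerability" now opens a section with nothing for "also" to refer back to, and "take control of the parent process though leaked file descriptors" should read "through leaked file descriptors". Suggest "Leaking file descriptors is a well known security vulnerability: read ..." and "... take control of the parent process through leaked file descriptors." Two smaller points on the new "Example of vulnerabilities:" list: the CWE-403 entry is a weakness classification rather than a vulnerability report, so it reads better as a separate "See also" line than as an item between the PHP bug and the OpenSSH advisory, and the Apache bug title should use the project's own spelling, "APR should set FD_CLOEXEC ...", unless the quoted title is being reproduced exactly.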