Skip to content

gh-68966: Document mailcap shell injection vulnerability #92024

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

gh-68966: Document mailcap shell injection vulnerability #92024

wants to merge 5 commits into from

Conversation

vstinner
Copy link
Member

No description provided.

@vstinner vstinner requested a review from a team as a code owner April 28, 2022 15:22
@bedevere-bot bedevere-bot added docs Documentation in the Doc dir awaiting core review labels Apr 28, 2022
@vstinner
Copy link
Member Author

As discussed on the (private) Python Security Response Team, we can simply document the shell command injection vulnerability in the mailcap documentation, as we did for other vulnerabilities:

The Python documentation now even has a list of dangerous APIs / known vulnerabilities: https://docs.python.org/dev/library/security_warnings.html

It seems like there is no simple way to fix the #68966 vulnerability without changing the behavior for legit filenames.

@vstinner vstinner mentioned this pull request Apr 28, 2022
Closed
encukou
encukou reviewed Apr 28, 2022
View reviewed changes
Doc/library/mailcap.rst Outdated
Comment on lines 34 to 35
design, the mailcap format uses shell commands. The caller is responsible to
validate the filename. The caller can create temporary filename, using
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not only about the filename. The MIME type and parameter list need to be validated as well.
Also, how should they be validated? That's not clear.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, I rephrased the warning.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"The caller is responsible to validate and sanitize input arguments."

@vstinner @JelleZijlstra
Update Doc/library/mailcap.rst
aa6beb5 
Co-authored-by: Jelle Zijlstra <[email protected]>
@vstinner
Copy link
Member Author

vstinner commented Jun 6, 2022

#91993 got merged, I close this issue.

@vstinner vstinner closed this Jun 6, 2022
@vstinner vstinner deleted the mailcap_doc branch June 6, 2022 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@encukou encukou encukou left review comments

@JelleZijlstra JelleZijlstra JelleZijlstra left review comments

Assignees
No one assigned
Labels
awaiting core review docs Documentation in the Doc dir skip news
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vstinner @encukou @JelleZijlstra @bedevere-bot