New submission from Charles-François Natali:

On Unix, CGIHTTPRequestHandler.run_cgi() uses the following code to run a CGI script:

"""
pid = os.fork()
[...]
# Child
try:
    try:
        os.setuid(nobody)
    except OSError:
        pass
    os.dup2(self.rfile.fileno(), 0)
    os.dup2(self.wfile.fileno(), 1)
    os.execve(scriptfile, args, env)
"""

It's basically reimplementing subprocess.Popen, with a potential security issue: open file descriptors are not closed before exec, which means that the CGI script - which is run as 'nobody' on Unix to reduce its privileges - can inherit open sockets or files (unless they're close-on-exec)...

The attached patch rewrites run_cgi() to use subprocess on all platforms. I'm not at all familiar with CGI, so I don't guarantee it's correct, but the regression test test_httpservers passes on Linux.

It leads to cleaner and safer code, so if someone with some httpserver/CGI background could review it, it would be great.

----------
files: cgi_subprocess.diff
keywords: needs review, patch
messages: 179797
nosy: neologix
priority: normal
severity: normal
stage: patch review
status: open
title: rewrite CGIHTTPRequestHandler to always use subprocess
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file28706/cgi_subprocess.diff

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16945>
_______________________________________
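
The descriptor inheritance described in the message, as an added example that is not part of the original report or the attached patch: one child is started with a bare fork/dup2/execve sequence like the quoted code, another with subprocess, and each reports whether a descriptor held by the parent is still open. The probe script, the helper names and the stand-in socket are constructed for illustration, and the descriptor is explicitly marked inheritable to stand for one that is not close-on-exec.

```python
import fcntl
import os
import socket
import subprocess
import sys

# Constructed child program: reports whether fd number argv[1] is open in it.
PROBE = (
    "import os, sys\n"
    "try:\n"
    "    os.fstat(int(sys.argv[1]))\n"
    "    print('open')\n"
    "except OSError:\n"
    "    print('closed')\n"
)
ARGV = [sys.executable, "-c", PROBE]

def probe_fork_exec(fd):
    """Run PROBE like the quoted child branch: fork, dup2, execve, no fd cleanup."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            os.dup2(w, 1)  # only stdout is redirected before exec
            os.execve(sys.executable, ARGV + [str(fd)], dict(os.environ))
        finally:
            os._exit(127)  # reached only if execve failed
    os.close(w)
    with os.fdopen(r) as out:
        result = out.read().strip()
    os.waitpid(pid, 0)
    return result

def probe_subprocess(fd):
    """Run PROBE via subprocess; close_fds=True (the POSIX default) closes fds > 2."""
    out = subprocess.check_output(ARGV + [str(fd)], close_fds=True)
    return out.decode().strip()

def demo():
    srv = socket.socket()  # stand-in for a socket or file the server holds open
    fd = fcntl.fcntl(srv.fileno(), fcntl.F_DUPFD, 64)  # copy on a high fd number
    os.set_inheritable(fd, True)  # i.e. not close-on-exec
    try:
        return probe_fork_exec(fd), probe_subprocess(fd)
    finally:
        os.close(fd)
        srv.close()

if __name__ == "__main__":
    print(demo())  # ('open', 'closed')
```

When a child legitimately needs a specific descriptor, subprocess accepts it through the `pass_fds` argument, which keeps the allow-list explicit.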