Message179797
| Author |
neologix |
| Recipients |
neologix |
| Date |
2013年01月12日.14:14:39 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1358000083.64.0.0773347996342.issue16945@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
On Unix, CGIHTTPRequestHandler.run_cgi() uses the following code to run a CGI script:
"""
pid = os.fork()
[...]
# Child
try:
try:
os.setuid(nobody)
except OSError:
pass
os.dup2(self.rfile.fileno(), 0)
os.dup2(self.wfile.fileno(), 1)
os.execve(scriptfile, args, env)
"""
It's basically reimplementing subprocess.Popen, with a potential securiy issue: open file descriptors are not closed before exec, which means that the CGI script - which is run as 'nobody' on Unix to reduce its priviledges - can inherit open sockets or files (unless they're close-on-exec)...
The attached patch rewrites run_cgi() to use subprocess on all platorms.
I'm not at all familiar with CGI, so I don't guarantee it's correct, but the regression test test_httpservers passes on Linux.
It leads to cleaner and safer code, so if someone with some httpsever/CGI background could review it, it would be great. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2013年01月12日 14:14:44 | neologix | set | recipients:
+ neologix |
| 2013年01月12日 14:14:43 | neologix | set | messageid: <1358000083.64.0.0773347996342.issue16945@psf.upfronthosting.co.za> |
| 2013年01月12日 14:14:43 | neologix | link | issue16945 messages |
| 2013年01月12日 14:14:42 | neologix | create |
|