From: Jeff A. <re...@bu...> - 2020-04-22 18:56:41
New submission from Jeff Allen <ja...@fa...>:

It is identified in https://github.com/NationalSecurityAgency/ghidra/issues/107 that we call "cmd.exe" without specifying the exact path, and that in the event a cmd.exe exists in the working directory, that will be run instead. This can be a trip hazard when working with dangerous material.

PySystemState is blamed in the reference, but a search shows that we mention cmd.exe in the posix module too. And there we should consider removing command.com too :)

Almost certainly, the right answer is to use COMSPEC to find it; compare the standard library subprocess.py. In CPython that falls back to "cmd.exe" if COMSPEC is not defined. In Jython it uses the list ultimately defined in enum OS.

----------
keywords: easy
messages: 13036
milestone: Jython 2.7.3
nosy: jeff.allen
priority: normal
severity: normal
status: open
title: A cmd.exe in the CWD will be executed unexpectedly
type: security
versions: Jython 2.7.1, Jython 2.7.2

_______________________________________
Jython tracker <re...@bu...>
<https://bugs.jython.org/issue2882>
_______________________________________
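As an added illustration (example code, not from the tracker thread or from Jython's own PySystemState or posix module): a Python sketch of the interpreter lookup the report recommends, next to the bare-name form it warns about, plus a check for a cmd.exe sitting in the working directory. The environments and the SystemRoot fallback step are assumptions here; CPython itself falls back straight to "cmd.exe".

```python
import ntpath
import os
import tempfile
from typing import List, Mapping, Sequence

# Constructed environments for the demonstration; on a real Windows host
# pass os.environ instead.
CONSTRUCTED_ENV_WITH_COMSPEC = {"COMSPEC": r"C:\Windows\System32\cmd.exe",
                                "SystemRoot": r"C:\Windows"}
CONSTRUCTED_ENV_NO_COMSPEC = {"SystemRoot": r"C:\Windows"}
CONSTRUCTED_ENV_EMPTY = {}

def naive_shell_command(args: Sequence[str]) -> List[str]:
    """The pattern the issue describes: a bare 'cmd.exe' is left for the OS
    to locate, so a cmd.exe dropped into the working directory can be the
    one that runs."""
    return ["cmd.exe", "/c", *args]

def resolve_shell(env: Mapping[str, str]) -> str:
    """Pick the interpreter the way CPython's subprocess does (COMSPEC, else
    'cmd.exe'), but reject a relative COMSPEC and, before giving up, try
    %SystemRoot%\\System32\\cmd.exe so the lookup never depends on the
    current directory. The SystemRoot step is an assumption of this
    example, not CPython's or Jython's behaviour."""
    comspec = env.get("COMSPEC", "")
    if comspec and ntpath.isabs(comspec):
        return comspec
    system_root = env.get("SystemRoot", "")
    if system_root and ntpath.isabs(system_root):
        return ntpath.join(system_root, "System32", "cmd.exe")
    return "cmd.exe"  # last resort; still exposed to the CWD trip hazard

def hardened_shell_command(args: Sequence[str], env: Mapping[str, str]) -> List[str]:
    return [resolve_shell(env), "/c", *args]

def cwd_shadows_shell(cwd: str, names=("cmd.exe", "command.com")) -> List[str]:
    """Detection helper: report interpreter look-alikes present in cwd."""
    return sorted(n for n in names if os.path.isfile(os.path.join(cwd, n)))

def demo_cwd_check() -> List[str]:
    """Build a throwaway working directory containing a fake cmd.exe and
    run the detection helper against it."""
    with tempfile.TemporaryDirectory() as cwd:
        with open(os.path.join(cwd, "cmd.exe"), "wb") as fake:
            fake.write(b"not a real interpreter")  # constructed decoy
        return cwd_shadows_shell(cwd)
```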