author: Vinay Sajip <vinay_sajip@yahoo.co.uk> 2012-07-25 18:20:32 (GMT)
committer: Vinay Sajip <vinay_sajip@yahoo.co.uk> 2012-07-25 18:20:32 (GMT)
commit: f7dbb0f64e343c1263b55c51f30ac7877c247cf9 (patch)
tree: 6f72fb122d7eddc2595634d4ef13bd88b1c7119b /Doc/library
parent: 099414875bdfc7eaf5a7c84ab34cd24a489b419e (diff)
parent: 393e23fbb578fff812e44aa71de1a1de01cb1c5b (diff)
Closes #15445: Merged documentation update from 3.2.
Diffstat (limited to 'Doc/library')
-rw-r--r-- Doc/library/logging.config.rst | 19
1 files changed, 19 insertions, 0 deletions
diff --git a/Doc/library/logging.config.rst b/Doc/library/logging.config.rst
index b2dd71e..1391ed2 100644
--- a/Doc/library/logging.config.rst
+++ b/Doc/library/logging.config.rst
@@ -109,6 +109,19 @@ in :mod:`logging` itself) and defining handlers which are declared either in
send it to the socket as a string of bytes preceded by a four-byte length
string packed in binary using ``struct.pack('>L', n)``.
+ .. note:: Because portions of the configuration are passed through
+ :func:`eval`, use of this function may open its users to a security risk.
+ While the function only binds to a socket on ``localhost``, and so does
+ not accept connections from remote machines, there are scenarios where
+ untrusted code could be run under the account of the process which calls
+ :func:`listen`. Specifically, if the process calling :func:`listen` runs
+ on a multi-user machine where users cannot trust each other, then a
+ malicious user could arrange to run essentially arbitrary code in a
+ victim user's process, simply by connecting to the victim's
+ :func:`listen` socket and sending a configuration which runs whatever
+ code the attacker wants to have executed in the victim's process. This is
+ especially easy to do if the default port is used, but not hard even if a
+ different port is used).
.. function:: stopListening()
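Review bot: The last line of the new note has an unmatched closing parenthesis ("but not hard even if a different port is used).") and should read "but not hard even if a different port is used." The note also describes the threat (an untrusted local user connecting to the ``listen`` socket and supplying a configuration that is passed through ``eval``) without telling the reader what to do about it; since the text itself limits the risk to multi-user machines where users cannot trust each other, consider ending the note with explicit guidance, e.g. "Do not use :func:`listen` on a machine shared with users you do not trust," so the warning is actionable rather than purely descriptive. Finally, the sentence "use of this function may open its users to a security risk" is vaguer than the rest of the paragraph; "allows arbitrary code execution by anyone who can connect to the socket" states the actual consequence the following lines spell out.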
@@ -694,6 +707,12 @@ The ``class`` entry is optional. It indicates the name of the formatter's class
:class:`Formatter` subclass. Subclasses of :class:`Formatter` can present
exception tracebacks in an expanded or condensed format.
+.. note:: Due to the use of :func:`eval` as described above, there are
+ potential security risks which result from using the :func:`listen` to send
+ and receive configurations via sockets. The risks are limited to where
+ multiple users with no mutual trust run code on the same machine; see the
+ :func:`listen` documentation for more information.
+
.. seealso::
Module :mod:`logging`
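Review bot: "using the :func:`listen` to send and receive configurations via sockets" has a stray article ("the :func:`listen`") and misstates the direction of the exchange: per the first hunk, :func:`listen` receives a configuration on a socket, while sending is done by whatever connects to it. Suggest "which result from using :func:`listen` to receive configurations via a socket." Also, "as described above" refers to a note roughly 600 lines earlier in the file; since this paragraph already cross-references the :func:`listen` documentation, dropping "as described above" and leaning on that reference avoids sending the reader hunting for the earlier note.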