Vinay Sajip avatar Vinay Sajip committed f30b49a

Issue #15445: Updated logging configuration documentation to highlight potential security risk posed by listen() in certain scenarios.

Comments (0)

Files changed (1)

Doc/library/logging.config.rst

    send it to the socket as a string of bytes preceded by a four-byte length
    string packed in binary using ``struct.pack('>L', n)``.
 
+   .. note:: Because portions of the configuration are passed through
+      :func:`eval`, use of this function may open its users to a security risk.
+      While the function only binds to a socket on ``localhost``, and so does
+      not accept connections from remote machines, there are scenarios where
+      untrusted code could be run under the account of the process which calls
+      :func:`listen`. Specifically, if the process calling :func:`listen` runs
+      on a multi-user machine where users cannot trust each other, then a
+      malicious user could arrange to run essentially arbitrary code in a
+      victim user's process, simply by connecting to the victim's
+      :func:`listen` socket and sending a configuration which runs whatever
+      code the attacker wants to have executed in the victim's process. This is
+      especially easy to do if the default port is used, but not hard even if a
+      different port is used).
 
 .. function:: stopListening()
 
 :class:`Formatter` subclass.  Subclasses of :class:`Formatter` can present
 exception tracebacks in an expanded or condensed format.
 
+.. note:: Due to the use of :func:`eval` as described above, there are
+   potential security risks which result from using the :func:`listen` to send
+   and receive configurations via sockets. The risks are limited to where
+   multiple users with no mutual trust run code on the same machine; see the
+   :func:`listen` documentation for more information.
+
 .. seealso::
 
    Module :mod:`logging`
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.