Language summit lightning talks

Posted Jun 10, 2017 0:25 UTC (Sat) by nybble41 (subscriber, #55106)
In reply to: Language summit lightning talks by NAR
Parent article: Language summit lightning talks

> So it looks like calling some ioctls is not that complicated, at least on this system.

It might be worth pointing out that Perl also provides a built-in mechanism for invoking raw ioctls on any file descriptor[1], so this issue is hardly specific to Python. If anything, a Perl script to perform ioctls would probably be more likely to work on arbitrary systems than the equivalent Python script. If an attacker can run code of their choice in just about any general-purpose scripting language, you've already lost.

[1] https://perldoc.perl.org/functions/ioctl.html

Language summit lightning talks

Posted Jun 10, 2017 7:22 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

Yeah Python certainly isn't special here, there's any number of interpreted languages that give the same capability. But bash isn't really one of them, and so it's reasonable to distinguish between "arbitrary shell access" and "I can execute a full featured language interpreter"