From: Ian Kelly
Date: Fri, 8 Mar 2013 17:18:42 -0700
Subject: Re: An error when i switched from python v2.6.6 => v3.2.3
Newsgroups: comp.lang.python

On Fri, Mar 8, 2013 at 1:54 PM, wrote:
> On Friday, 8 March 2013 8:54:15 p.m. UTC+2, user Steven D'Aprano wrote:
>
>>> -c ''; rm -rf /; oops.py
>>
>> Please don't tell the newbies to destroy their system, no matter how
>> tempting it might be.
>
> What is that "-c ''" option I keep seeing in the attempts to pass bogus
> info in my 'page' variable?
>
> And how is oops.py relevant? Such a file doesn't exist on my webserver.
The command that gets run is "python %s > %s", where the page variable is
substituted in for the first %s. If you perform that substitution, you will
get:

    python -c ''; rm -rf /; oops.py > /path/to/some/temp/file

So the -c is an option to Python. It means that instead of reading a script,
Python should run commands passed on the command line in the next argument.
That's the ''. It's empty, so what this instructs Python to do is nothing at
all.

The second command in this shell script is "rm -rf /". I assume you know
what that would do.

The third command is "oops.py > /path/to/some/tempfile". The fact that
oops.py does not exist is not important, because the attacker does not care
what this command does. The payload of the attack was already delivered in
the second command. The only reason for it is that it ends in .py, which is
what the web server is looking for when deciding whether to run a script.
The word "oops" here is just for levity.
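The pattern discussed in this thread, shown beside a hardened form, as an added example that is not from the original post or the poster's web server: it tokenises the interpolated string the way a POSIX shell would to show how one "page" value becomes three commands, then rejects such values with an allow-list and runs the interpreter without a shell. The allow-list pattern, the helper names and the use of sys.executable in place of a bare "python" are my assumptions; the hostile value is the one quoted in the thread.

```python
import re
import shlex
import subprocess
import sys

# Constructed sample values: the hostile "page" from the thread and a benign one.
HOSTILE_PAGE = "-c ''; rm -rf /; oops.py"
BENIGN_PAGE = "index.py"

def vulnerable_command(page, outfile):
    """The pattern from the thread: the page name is pasted into a shell string.
    Returned for inspection only; nothing in this example executes it."""
    return "python %s > %s" % (page, outfile)

def shell_commands(command):
    """Tokenise like a POSIX shell (shlex with ';' and '>' as punctuation) and
    group the tokens into the separate commands the shell would run in turn."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok == ";":
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return commands

# Assumed allow-list policy: a bare module name ending in .py, so no leading '-'
# (no interpreter options like -c), no '/' (no paths) and no shell metacharacters.
PAGE_NAME = re.compile(r"[A-Za-z0-9_]+\.py")

def is_allowed_page(page):
    return PAGE_NAME.fullmatch(page) is not None

def run_page(page, outfile):
    """Hardened form: validate, then exec the interpreter directly with an
    argument list. No shell is involved, so ';' and '>' are never special."""
    if not is_allowed_page(page):
        raise ValueError("rejected page name: %r" % (page,))
    with open(outfile, "wb") as fh:
        return subprocess.run([sys.executable, page], stdout=fh, check=True).returncode

if __name__ == "__main__":
    for cmd in shell_commands(vulnerable_command(HOSTILE_PAGE, "/tmp/out")):
        print(cmd)
    print(is_allowed_page(HOSTILE_PAGE), is_allowed_page(BENIGN_PAGE))
```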