-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get rid of subprocess
#7
Comments
Can you explain in more detail why this is a security issue? What do you mean by "other backdoored modules"? Thanks |
When a module
Not really a security issue within the package itself. It is more that python interpreter is flawed. I have an idea how to make it better, but any manual overrides of taints (absolutely necessary for practiaclly useful modules) will make all the proofs unsound. |
The mere presence of a module importing
subprocess
is a security issue because other backdoored modules can use it to evade static analysisThe text was updated successfully, but these errors were encountered: