Is this a Python 3.x.x bug?


 
Thread Tools Search this Thread
Top Forums Programming Is this a Python 3.x.x bug?
# 1  
Old 06-07-2017
Is this a Python 3.x.x bug?

Following my OSX bash bug discovery the other week what about this baby.

Just to let you guys know, since my post Sinclair Spectrum days where it was impossible to do a syntax error I do a great deal of syntax juggling to see what works on the few languages that I know, and I have done it for years, a form of hacking if you like......

I found this and mentioned it to someone I know on a python list.
NOTE: The help in the second code snippet. It seems that the string length is printed to sys.stderr .
The guy said it was part of the standard library in Version 3.x.x, NOT in Version 2.7.x and lower.

This IS actually in Python 3.x's standard library!? <Shock!>

I don't know about the latest Python 3.6.1 as I have not installed it yet.
The use of Python's exit function here is none standard but it does NOT give an error.
INSTEAD it gives a return code of the string length.
Surely this HAS to be a bug?
Code:
Last login: Wed Jun  7 13:16:13 on ttys000
AMIGA:amiga~> python3.5
Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 26 2016, 10:47:25) 
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> help(sys.stdout.write)

>>> sys.stdout.write("Hello World!\n")
Hello World!
13
>>> exit(sys.stdout.write("Hello World!\n"))
Hello World!
AMIGA:amiga~> echo "$?"
13
AMIGA:amiga~> _

OUCH!
The help(sys.stdout.write) on python3.5.x
Code:
Help on built-in function write:

write(text, /) method of _io.TextIOWrapper instance
    Write string to stream.
    Returns the number of characters written (which is always equal to
    the length of the string).
(END)

Comments anyone?

EDIT:
OSX 10.12.5, default bash terminal running Python 3.5.2 in interactive mode.

Last edited by wisecracker; 06-07-2017 at 10:26 AM.. Reason: Give OS and bash bersion.
# 2  
Old 06-08-2017
Oh dear this is even worse!
It even does it in a called script from a bash script...
Code:
#!/bin/bash
echo "Hello World!"
python3.5 "$HOME/Desktop/Code/Python/PythonRC.py"
echo "Return code is $?..."

Code:
import sys
print("Now in Python script!")
sys.exit(sys.stdout.write("Goodbye World!\n"))

Results, same system as before...
Code:
Last login: Thu Jun  8 14:33:04 on ttys000
AMIGA:amiga~> cd Desktop/Code/Shell
AMIGA:amiga~/Desktop/Code/Shell> chmod 755 PythonRC.sh
AMIGA:amiga~/Desktop/Code/Shell> ./PythonRC.sh
Hello World!
Now in Python script!
Goodbye World!
Return code is 15...
AMIGA:amiga~/Desktop/Code/Shell> _

EDIT:
Makes one wonder what a string greater than 255 characters would give, (wrap around the 255 bash shell boundary). What about returning these values to other languages and OSes?

Last edited by wisecracker; 06-08-2017 at 10:53 AM.. Reason: See EDIT:
# 3  
Old 06-08-2017
For me, python is a large snake, or a flying circus, but what you show above would be the expected behaviour and absolutely makes sense to me. In the languages I know, exit (or similar) can take a value, even from a variable or a function, which becomes the program's "exit code". Why not deploy write's return value of 15? awk example:
Code:
awk 'END {X=7; exit X}'
echo $?
7

For values greater than 255, usually the lower byte is evaluated.
# 4  
Old 06-08-2017
I seem to recall you making a thread about this before, and it was determined that printing the return values to stderr was a feature Python does in interactive mode.

As for it returning 15? It's actually very standard to give exit() a code in most languages, if Python didn't it'd be the weird one. And it is documented, here:

Quote:
The optional argument arg can be an integer giving the exit status (defaulting to zero), or another type of object. If it is an integer, zero is considered “successful termination” and any nonzero value is considered “abnormal termination” by shells and the like. Most systems require it to be in the range 0–127, and produce undefined results otherwise.
Yes, the exit value is communicated to BASH, the calling process, that is its function, to tell it whether the program succeeded or failed.

Last edited by Corona688; 06-08-2017 at 12:14 PM..
# 5  
Old 06-08-2017
@ RudiC...
How about this then?
Code:
#!/bin/bash
echo "Inside bash shell here."
python3.5 "$HOME/Desktop/Code/Python/exit_malicious.py"
echo "Back inside bash shell with exit code $?..."

Code:
import os
print("Inside the Python script.")
text=10
text=input("Enter your text:- ")
exit(os.system(text))
print("This will never be reached...")

Result:-
Code:
Last login: Thu Jun  8 18:43:20 on ttys000
AMIGA:amiga~> cd Desktop/Code/Shell
AMIGA:amiga~/Desktop/Code/Shell> chmod 755 exit_malicious.sh
AMIGA:amiga~/Desktop/Code/Shell> ./exit_malicious.sh
Inside bash shell here.
Inside the Python script.
Enter your text:- echo "Launch my malicious code here whilst exiting Python..."
Launch my malicious code here whilst exiting Python...
Back inside bash shell with exit code 0...
AMIGA:amiga~/Desktop/Code/Shell> _

@Corona688...
No that was something entirely different using the shell's exit, it is on here I will find the pointer.

EDIT:
I appreciate this is hypothetical but if I can create this then a deep professional would know fully how to exploit it.

---------- Post updated at 07:36 PM ---------- Previous update was at 06:58 PM ----------

Quote:
Originally Posted by RudiC
For me, python is a large snake, or a flying circus, but what you show above would be the expected behaviour and absolutely makes sense to me. In the languages I know, exit (or similar) can take a value, even from a variable or a function, which becomes the program's "exit code". Why not deploy write's return value of 15? awk example:
Code:
awk 'END {X=7; exit X}'
echo $?
7

For values greater than 255, usually the lower byte is evaluated.
'END' just hangs on this machine so 'BEGIN' instead.
Hmmm, so this is normal proceedure?
Code:
Last login: Thu Jun  8 19:21:58 on ttys000
AMIGA:amiga~> awk --version
awk version 20070501
AMIGA:amiga~> awk 'BEGIN { x=13; x=system("ls -l"); exit x; }'
total 2120
-rwxr-xr-x   1 amiga  staff  217121 20 May 14:23 06500.sh.txt
-rw-r--r--   1 amiga  staff    5128 22 May 14:16 06500.txt
drwxr-xr-x   3 amiga  staff     102  2 Jan 15:42 Applications
-rw-r--r--   1 amiga  staff   20715  3 Jun 13:47 AudioScope.Circuits
-rw-r--r--   1 amiga  staff     315  3 Jun 13:47 AudioScope.Config
-rw-r--r--   1 amiga  staff  118305  3 Jun 13:47 AudioScope.Manual
-rwxr-xr-x   1 amiga  staff  220419  3 Jun 12:00 AudioScope.sh
-rwxr-xr-x   1 amiga  staff  220418  3 Jun 11:45 AudioScope.sh~
-rw-r--r--   1 amiga  staff  220047 24 May 18:35 AudioScope24-05-2017.sh
-rw-r--r--   1 amiga  staff    6307  3 Jun 13:47 AudioScope_Quick_Start.Notes
drwx------+ 12 amiga  staff     408  3 Jun 20:25 Desktop
drwx------+  8 amiga  staff     272 31 Dec 15:23 Documents
drwx------+ 22 amiga  staff     748  7 Jun 13:12 Downloads
drwx------@ 58 amiga  staff    1972 18 May 18:08 Library
drwx------+  3 amiga  staff     102 24 Oct  2016 Movies
drwx------+  6 amiga  staff     204 14 Dec 22:16 Music
-rwxr-xr-x   1 amiga  staff     751 18 May 17:39 NewCLI
drwx------+  6 amiga  staff     204 16 May 14:23 Pictures
drwxr-xr-x   3 amiga  staff     102 11 Dec 17:34 Programs
drwxr-xr-x+  6 amiga  staff     204 18 May 18:36 Public
drwxr-xr-x  56 amiga  staff    1904 18 May 17:45 Scope
drwxr-xr-x  27 amiga  staff     918  3 Jun 12:01 Temp
drwxr-xr-x   4 amiga  staff     136 14 Oct  2016 URL
-rw-r--r--   1 amiga  staff   28518 31 May 20:00 sample.txt
drwxr-xr-x@ 14 amiga  staff     476  7 Nov  2016 sox-14.4.2
-rwxr-xr-x   1 amiga  staff     751 20 May 09:07 xterm
AMIGA:amiga~> echo "Return code, $?..."
Return code, 0...
AMIGA:amiga~> _


Last edited by wisecracker; 06-08-2017 at 03:37 PM.. Reason: See EDIT.
# 6  
Old 06-08-2017
Quote:
Originally Posted by wisecracker
@ RudiC...
How about this then?
.
.
.
exit(os.system(text))
.
.
.
Back inside bash shell with exit code 0...
I can't tell what value os.system.text will return. Is it a function returning successfully? Certainly not an integer value. I ponder a pointer of which the low order byte is 0.

Quote:
'END' just hangs on this machine so 'BEGIN' instead.
It doesn't "hang", it reads from stdin / tty, so hit a <CTRL>-D as an EOF char.

Quote:
Hmmm, so this is normal proceedure?
Code:
.
.
.
Return code, 0...
AMIGA:amiga~> _

Yes, exactly ls -l completed successfully and returned a 0.

Last edited by RudiC; 06-08-2017 at 05:00 PM.. Reason: typo
# 7  
Old 06-08-2017
Hi RudiC...

So one is allowed to execute code AFTER exit has been called even if it is an ASCII string inside a variable, from awk AND Python and I thought Python was strict, what about Perl and others?
Awk's exit is a statement and Python's is a function.

Maybe it is just me but this should never be allowed to happen if the RC is not an integer. BTW thanks for the Ctrl-D heads up, I had forgotten all about that, however 'ls -l' is still executed.

Hi Corona688...
It was this, it always needs a redirection to a file for it to work however, so nothing like the other two and technically MUCH safer:-
Code:
Last login: Thu Jun  8 21:10:58 on ttys000
AMIGA:amiga~> exit 10 $( ls -l /tmp/ > /tmp/text )
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

[Process completed]

Last login: Thu Jun  8 21:11:40 on ttys000
AMIGA:amiga~> cat /tmp/text
total 0
drwx------  3 amiga  wheel  102  8 Jun 18:27 com.apple.launchd.QBBc1cRjqo
drwx------  3 amiga  wheel  102  8 Jun 18:27 com.apple.launchd.iC1FUcCphs
-rw-r--r--  1 amiga  wheel    0  8 Jun 21:12 text
AMIGA:amiga~> _

And yes, I know why the 'text' file_length reads zero, 0.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Programming

Create a C source and compile inside Python 1.4.0 to 3.7.0 in Python for ALL? platforms...

Hi all... As you know I like making code backwards compatible for as many platforms as possible. This Python script was in fact dedicated for the AMIGA A1200 using Pythons 1.4.0, 1.5.2, 1.6.0, 2.0.1, and 2.4.6 as that is all we have for varying levels of upgrades from a HDD and 4MB FastRam... (1 Reply)
Discussion started by: wisecracker
1 Replies

2. Windows & DOS: Issues & Discussions

How to execute python script on remote with python way..?

Hi all, I am trying to run below python code for connecting remote windows machine from unix to run an python file exist on that remote windows machine.. Below is the code I am trying: #!/usr/bin/env python import wmi c = wmi.WMI("xxxxx", user="xxxx", password="xxxxxxx")... (1 Reply)
Discussion started by: onenessboy
1 Replies

3. Programming

Interactive Python 3.5+ sys.stdout.write() AND sys.stderr.write() bug?

(Apologies for any typos.) OSX 10.12.3 AND Windows 10. This is for the serious Python experts on at least 3.5.x and above... In script format sys.stdout.write() AND sys.stderr.write() seems to work correctly. Have I found a serious bug in the interactive sys.stdout.write() AND... (2 Replies)
Discussion started by: wisecracker
2 Replies

4. Shell Programming and Scripting

**python** unable to read the background color in python

I am working on requirement on spreadsheet in python scripting. I have a spreadsheet containing cell values and with background color. I am able to read the value value but unable to get the background color of that particular cell. Actually my requirement is to read the cell value along... (1 Reply)
Discussion started by: giridhar276
1 Replies

5. SuSE

"ssh suse-server 'python -V' > python-version.out" not redirecting

Okay, so I have had this problem on openSUSE, and Debian systems now and I am hoping for a little help. I think it has something to do with Python but I couldn't find a proper Python area here. I am trying to redirect the output of "ssh suse-server 'python -V'" to a file. It seems that no matter... (3 Replies)
Discussion started by: Druonysus
3 Replies

6. UNIX for Dummies Questions & Answers

where's the bug?

#!/bin/bash if then #echo "infinite loop" exit 0 fi when I run this file I get the following error: ./test_infinite_loop: line 5: syntax error near unexpected token `fi' ./test_infinite_loop: line 5: `fi' :confused: (4 Replies)
Discussion started by: jon80
4 Replies

7. AIX

bug in 43 ???

xxxxserver# lsattr -El inet0 | grep 255.240.0.0,32.224.0.0,32.78.120.254 | grep '.40' route net,-hopcount,1,-netmask,255.240.0.0,32.224.0.0,32.78.120.254 How this is possible? (1 Reply)
Discussion started by: itik
1 Replies

8. Shell Programming and Scripting

Is it a bug ..?

Hi All, I am using Red Hat Linux on my servers. The problem that I am facing is, sometimes the /opt usage on the server shows used percentage as 100% , when actually it is simply 20%. When I reboot the system, it comes back to 20%.Is this a bug in the system or my settings have gone wrong... (1 Reply)
Discussion started by: nua7
1 Replies
Login or Register to Ask a Question

Featured Tech Videos