Unix/Linux Go Back    


Programming Post questions about C, C++, Java, SQL, and other programming languages here.

Is this a Python 3.x.x bug?

Programming


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 06-07-2017   -   Original Discussion by wisecracker
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
Is this a Python 3.x.x bug?

Following my OSX bash bug discovery the other week what about this baby.

Just to let you guys know, since my post Sinclair Spectrum days where it was impossible to do a syntax error I do a great deal of syntax juggling to see what works on the few languages that I know, and I have done it for years, a form of hacking if you like......

I found this and mentioned it to someone I know on a python list.
NOTE: The help in the second code snippet. It seems that the string length is printed to sys.stderr .
The guy said it was part of the standard library in Version 3.x.x, NOT in Version 2.7.x and lower.

This IS actually in Python 3.x's standard library!? <Shock!>

I don't know about the latest Python 3.6.1 as I have not installed it yet.
The use of Python's exit function here is none standard but it does NOT give an error.
INSTEAD it gives a return code of the string length.
Surely this HAS to be a bug?

Code:
Last login: Wed Jun  7 13:16:13 on ttys000
AMIGA:amiga~> python3.5
Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 26 2016, 10:47:25) 
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> help(sys.stdout.write)

>>> sys.stdout.write("Hello World!\n")
Hello World!
13
>>> exit(sys.stdout.write("Hello World!\n"))
Hello World!
AMIGA:amiga~> echo "$?"
13
AMIGA:amiga~> _

OUCH!
The help(sys.stdout.write) on python3.5.x

Code:
Help on built-in function write:

write(text, /) method of _io.TextIOWrapper instance
    Write string to stream.
    Returns the number of characters written (which is always equal to
    the length of the string).
(END)

Comments anyone?

EDIT:
OSX 10.12.5, default bash terminal running Python 3.5.2 in interactive mode.

Last edited by wisecracker; 06-07-2017 at 10:26 AM.. Reason: Give OS and bash bersion.
Sponsored Links
    #2  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
Oh dear this is even worse!
It even does it in a called script from a bash script...

Code:
#!/bin/bash
echo "Hello World!"
python3.5 "$HOME/Desktop/Code/Python/PythonRC.py"
echo "Return code is $?..."


Code:
import sys
print("Now in Python script!")
sys.exit(sys.stdout.write("Goodbye World!\n"))

Results, same system as before...

Code:
Last login: Thu Jun  8 14:33:04 on ttys000
AMIGA:amiga~> cd Desktop/Code/Shell
AMIGA:amiga~/Desktop/Code/Shell> chmod 755 PythonRC.sh
AMIGA:amiga~/Desktop/Code/Shell> ./PythonRC.sh
Hello World!
Now in Python script!
Goodbye World!
Return code is 15...
AMIGA:amiga~/Desktop/Code/Shell> _

EDIT:
Makes one wonder what a string greater than 255 characters would give, (wrap around the 255 bash shell boundary). What about returning these values to other languages and OSes?

Last edited by wisecracker; 06-08-2017 at 10:53 AM.. Reason: See EDIT:
Sponsored Links
    #3  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
RudiC's Unix or Linux Image
RudiC RudiC is online now Forum Staff  
Moderator
 
Join Date: Jul 2012
Last Activity: 13 December 2017, 1:42 PM EST
Location: Aachen, Germany
Posts: 11,794
Thanks: 339
Thanked 3,659 Times in 3,357 Posts
For me, python is a large snake, or a flying circus, but what you show above would be the expected behaviour and absolutely makes sense to me. In the languages I know, exit (or similar) can take a value, even from a variable or a function, which becomes the program's "exit code". Why not deploy write's return value of 15? awk example:

Code:
awk 'END {X=7; exit X}'
echo $?
7

For values greater than 255, usually the lower byte is evaluated.
    #4  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 13 December 2017, 10:16 AM EST
Location: Saskatchewan
Posts: 22,546
Thanks: 1,159
Thanked 4,286 Times in 3,955 Posts
I seem to recall you making a thread about this before, and it was determined that printing the return values to stderr was a feature Python does in interactive mode.

As for it returning 15? It's actually very standard to give exit() a code in most languages, if Python didn't it'd be the weird one. And it is documented, here:

Quote:
The optional argument arg can be an integer giving the exit status (defaulting to zero), or another type of object. If it is an integer, zero is considered “successful termination” and any nonzero value is considered “abnormal termination” by shells and the like. Most systems require it to be in the range 0–127, and produce undefined results otherwise.
Yes, the exit value is communicated to BASH, the calling process, that is its function, to tell it whether the program succeeded or failed.

Last edited by Corona688; 06-08-2017 at 12:14 PM..
Sponsored Links
    #5  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
@ RudiC...
How about this then?

Code:
#!/bin/bash
echo "Inside bash shell here."
python3.5 "$HOME/Desktop/Code/Python/exit_malicious.py"
echo "Back inside bash shell with exit code $?..."


Code:
import os
print("Inside the Python script.")
text=10
text=input("Enter your text:- ")
exit(os.system(text))
print("This will never be reached...")

Result:-

Code:
Last login: Thu Jun  8 18:43:20 on ttys000
AMIGA:amiga~> cd Desktop/Code/Shell
AMIGA:amiga~/Desktop/Code/Shell> chmod 755 exit_malicious.sh
AMIGA:amiga~/Desktop/Code/Shell> ./exit_malicious.sh
Inside bash shell here.
Inside the Python script.
Enter your text:- echo "Launch my malicious code here whilst exiting Python..."
Launch my malicious code here whilst exiting Python...
Back inside bash shell with exit code 0...
AMIGA:amiga~/Desktop/Code/Shell> _

@Corona688...
No that was something entirely different using the shell's exit, it is on here I will find the pointer.

EDIT:
I appreciate this is hypothetical but if I can create this then a deep professional would know fully how to exploit it.

---------- Post updated at 07:36 PM ---------- Previous update was at 06:58 PM ----------

Quote:
Originally Posted by RudiC View Post
For me, python is a large snake, or a flying circus, but what you show above would be the expected behaviour and absolutely makes sense to me. In the languages I know, exit (or similar) can take a value, even from a variable or a function, which becomes the program's "exit code". Why not deploy write's return value of 15? awk example:

Code:
awk 'END {X=7; exit X}'
echo $?
7

For values greater than 255, usually the lower byte is evaluated.
'END' just hangs on this machine so 'BEGIN' instead.
Hmmm, so this is normal proceedure?

Code:
Last login: Thu Jun  8 19:21:58 on ttys000
AMIGA:amiga~> awk --version
awk version 20070501
AMIGA:amiga~> awk 'BEGIN { x=13; x=system("ls -l"); exit x; }'
total 2120
-rwxr-xr-x   1 amiga  staff  217121 20 May 14:23 06500.sh.txt
-rw-r--r--   1 amiga  staff    5128 22 May 14:16 06500.txt
drwxr-xr-x   3 amiga  staff     102  2 Jan 15:42 Applications
-rw-r--r--   1 amiga  staff   20715  3 Jun 13:47 AudioScope.Circuits
-rw-r--r--   1 amiga  staff     315  3 Jun 13:47 AudioScope.Config
-rw-r--r--   1 amiga  staff  118305  3 Jun 13:47 AudioScope.Manual
-rwxr-xr-x   1 amiga  staff  220419  3 Jun 12:00 AudioScope.sh
-rwxr-xr-x   1 amiga  staff  220418  3 Jun 11:45 AudioScope.sh~
-rw-r--r--   1 amiga  staff  220047 24 May 18:35 AudioScope24-05-2017.sh
-rw-r--r--   1 amiga  staff    6307  3 Jun 13:47 AudioScope_Quick_Start.Notes
drwx------+ 12 amiga  staff     408  3 Jun 20:25 Desktop
drwx------+  8 amiga  staff     272 31 Dec 15:23 Documents
drwx------+ 22 amiga  staff     748  7 Jun 13:12 Downloads
drwx------@ 58 amiga  staff    1972 18 May 18:08 Library
drwx------+  3 amiga  staff     102 24 Oct  2016 Movies
drwx------+  6 amiga  staff     204 14 Dec 22:16 Music
-rwxr-xr-x   1 amiga  staff     751 18 May 17:39 NewCLI
drwx------+  6 amiga  staff     204 16 May 14:23 Pictures
drwxr-xr-x   3 amiga  staff     102 11 Dec 17:34 Programs
drwxr-xr-x+  6 amiga  staff     204 18 May 18:36 Public
drwxr-xr-x  56 amiga  staff    1904 18 May 17:45 Scope
drwxr-xr-x  27 amiga  staff     918  3 Jun 12:01 Temp
drwxr-xr-x   4 amiga  staff     136 14 Oct  2016 URL
-rw-r--r--   1 amiga  staff   28518 31 May 20:00 sample.txt
drwxr-xr-x@ 14 amiga  staff     476  7 Nov  2016 sox-14.4.2
-rwxr-xr-x   1 amiga  staff     751 20 May 09:07 xterm
AMIGA:amiga~> echo "Return code, $?..."
Return code, 0...
AMIGA:amiga~> _


Last edited by wisecracker; 06-08-2017 at 03:37 PM.. Reason: See EDIT.
Sponsored Links
    #6  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
RudiC's Unix or Linux Image
RudiC RudiC is online now Forum Staff  
Moderator
 
Join Date: Jul 2012
Last Activity: 13 December 2017, 1:42 PM EST
Location: Aachen, Germany
Posts: 11,794
Thanks: 339
Thanked 3,659 Times in 3,357 Posts
Quote:
Originally Posted by wisecracker View Post
@ RudiC...
How about this then?
.
.
.
exit(os.system(text))
.
.
.
Back inside bash shell with exit code 0...
I can't tell what value os.system.text will return. Is it a function returning successfully? Certainly not an integer value. I ponder a pointer of which the low order byte is 0.

Quote:
'END' just hangs on this machine so 'BEGIN' instead.
It doesn't "hang", it reads from stdin / tty, so hit a <CTRL>-D as an EOF char.

Quote:
Hmmm, so this is normal proceedure?

Code:
.
.
.
Return code, 0...
AMIGA:amiga~> _

Yes, exactly ls -l completed successfully and returned a 0.

Last edited by RudiC; 06-08-2017 at 05:00 PM.. Reason: typo
Sponsored Links
    #7  
Old Unix and Linux 06-08-2017   -   Original Discussion by wisecracker
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
Hi RudiC...

So one is allowed to execute code AFTER exit has been called even if it is an ASCII string inside a variable, from awk AND Python and I thought Python was strict, what about Perl and others?
Awk's exit is a statement and Python's is a function.

Maybe it is just me but this should never be allowed to happen if the RC is not an integer. BTW thanks for the Ctrl-D heads up, I had forgotten all about that, however 'ls -l' is still executed.

Hi Corona688...
It was this, it always needs a redirection to a file for it to work however, so nothing like the other two and technically MUCH safer:-

Code:
Last login: Thu Jun  8 21:10:58 on ttys000
AMIGA:amiga~> exit 10 $( ls -l /tmp/ > /tmp/text )
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

[Process completed]

Last login: Thu Jun  8 21:11:40 on ttys000
AMIGA:amiga~> cat /tmp/text
total 0
drwx------  3 amiga  wheel  102  8 Jun 18:27 com.apple.launchd.QBBc1cRjqo
drwx------  3 amiga  wheel  102  8 Jun 18:27 com.apple.launchd.iC1FUcCphs
-rw-r--r--  1 amiga  wheel    0  8 Jun 21:12 text
AMIGA:amiga~> _

And yes, I know why the 'text' file_length reads zero, 0.
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
**python** unable to read the background color in python giridhar276 Shell Programming and Scripting 1 08-05-2014 03:53 AM
"ssh suse-server 'python -V' > python-version.out" not redirecting Druonysus SuSE 3 02-13-2013 09:59 PM
Python: bash-shell-like less functionality in the python shell Narnie Programming 0 06-25-2010 03:11 PM
what is python? kprescod4158 Shell Programming and Scripting 1 11-20-2007 08:58 PM



All times are GMT -4. The time now is 02:55 PM.