@@ -109,6 +109,19 @@ in :mod:`logging` itself) and defining handlers which are declared either in
109109 send it to the socket as a string of bytes preceded by a four-byte length
110110 string packed in binary using ``struct.pack('>L', n) ``.
111111
112+ .. note :: Because portions of the configuration are passed through
113+ :func: `eval `, use of this function may open its users to a security risk.
114+ While the function only binds to a socket on ``localhost ``, and so does
115+ not accept connections from remote machines, there are scenarios where
116+ untrusted code could be run under the account of the process which calls
117+ :func: `listen `. Specifically, if the process calling :func: `listen ` runs
118+ on a multi-user machine where users cannot trust each other, then a
119+ malicious user could arrange to run essentially arbitrary code in a
120+ victim user's process, simply by connecting to the victim's
121+ :func: `listen ` socket and sending a configuration which runs whatever
122+ code the attacker wants to have executed in the victim's process. This is
123+ especially easy to do if the default port is used, but not hard even if a
124+ different port is used).
112125
113126.. function :: stopListening()
114127
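Review bot: The added note ends with an unbalanced closing parenthesis ("but not hard even if a different port is used)."), which will render as-is in the built docs; drop the stray ")" or open a parenthesis before "especially easy". Separately, the note explains the risk (an unauthenticated localhost socket that passes configuration through :func:`eval`) but gives the reader nothing actionable; consider closing with one sentence of guidance, e.g. "Only call :func:`listen` on machines where every local user is trusted, and use a non-default port to reduce exposure", so that the warning tells administrators what to do rather than only what can go wrong.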
@@ -694,6 +707,12 @@ The ``class`` entry is optional. It indicates the name of the formatter's class
694707:class: `Formatter ` subclass. Subclasses of :class: `Formatter ` can present
695708exception tracebacks in an expanded or condensed format.
696709
710+ .. note :: Due to the use of :func:`eval` as described above, there are
711+ potential security risks which result from using the :func: `listen ` to send
712+ and receive configurations via sockets. The risks are limited to where
713+ multiple users with no mutual trust run code on the same machine; see the
714+ :func: `listen ` documentation for more information.
715+
697716.. seealso ::
698717
699718 Module :mod: `logging `
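Review bot: "using the :func:`listen` to send" has a stray "the" before the role; it should read "using :func:`listen` to send and receive configurations via sockets". Also, "as described above" is a long way from the :func:`listen` note (about 600 lines earlier in this file) and gives the reader no anchor; since the sentence already ends with "see the :func:`listen` documentation", rephrase the opening to "Due to the use of :func:`eval` in :func:`listen`, ..." so the cross-reference is explicit and the vague "above" can go.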