[issue5753] CVE-2008-5983 python: untrusted python modules search path
Antoine Pitrou
report at bugs.python.org
Wed May 6 01:08:23 CEST 2009
Antoine Pitrou <pitrou at free.fr> added the comment:
> The question is whether these are theoretical or real problems.
> I ran gedit (as proposed by Glyph) under strace(1), and it didn't
> try to open any files in the current directory.
You have to use a Python-written gedit plugin for that to happen. For
example, if I enable the "Python console" plugin, I get the following
lines in strace:
17569:open("gconf.so", O_RDONLY) = -1 ENOENT (No such file or directory)
17570:open("gconfmodule.so", O_RDONLY) = -1 ENOENT (No such file or directory)
17571:open("gconf.py", O_RDONLY) = -1 ENOENT (No such file or directory)
17572:open("gconf.pyc", O_RDONLY) = -1 ENOENT (No such file or directory)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5753>
_______________________________________
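A check built on the strace output in the message above, as an added example that is not part of the original message or of CPython: it scans strace text for open() calls on bare filenames, which the kernel resolves against the current directory, and groups the ones whose names match the import suffixes seen above. The function name, the regular expression and the absolute-path sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Suffixes seen in the strace lines above for one module name.
# "module.so" is tested before ".so" so gconfmodule.so maps to "gconf".
SUFFIXES = ("module.so", ".so", ".pyc", ".py")

# Matches open("path", flags) = ret, and the openat(AT_FDCWD, ...) form.
OPEN_RE = re.compile(
    r'open(?:at)?\((?:AT_FDCWD, )?"([^"]+)"[^)]*\)\s*=\s*(-?\d+)')

def cwd_import_probes(strace_text):
    """Return {module: [(filename, opened)]} for import-style opens of
    bare filenames, i.e. lookups made in the current directory."""
    probes = defaultdict(list)
    for line in strace_text.splitlines():
        m = OPEN_RE.search(line)
        if not m:
            continue
        path, ret = m.group(1), int(m.group(2))
        if "/" in path:
            continue  # has a directory part; not a bare cwd lookup
        for suffix in SUFFIXES:
            if path.endswith(suffix) and len(path) > len(suffix):
                # opened=True means a file in cwd was actually found
                probes[path[:-len(suffix)]].append((path, ret >= 0))
                break
    return dict(probes)

# Constructed sample: the four lines from the message (unwrapped) plus one
# made-up absolute-path line that must be ignored.
SAMPLE = '''\
17568:open("/usr/lib/python2.6/site-packages/gconf.so", O_RDONLY) = -1 ENOENT (No such file or directory)
17569:open("gconf.so", O_RDONLY) = -1 ENOENT (No such file or directory)
17570:open("gconfmodule.so", O_RDONLY) = -1 ENOENT (No such file or directory)
17571:open("gconf.py", O_RDONLY) = -1 ENOENT (No such file or directory)
17572:open("gconf.pyc", O_RDONLY) = -1 ENOENT (No such file or directory)
'''

if __name__ == "__main__":
    for module, hits in cwd_import_probes(SAMPLE).items():
        loaded = [name for name, opened in hits if opened]
        status = "LOADED FROM CWD: %s" % loaded if loaded else "probed only"
        print("%s: %d cwd lookups (%s)" % (module, len(hits), status))
```

Any module reported here was searched for in the process's working directory; an entry with `opened` set to True means a file there was picked up.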