[issue23748] platform._uname_cache is writeable
STINNER Victor
report at bugs.python.org
Mon Mar 23 11:43:46 CET 2015
STINNER Victor added the comment:
we are all consenting adults here. Why do you modify a private attribute?
> I am changing the type to security as I dont think this is a behaviour issue.
I don't understand why do you consider that it is a security vulnerability?
>>> import hack_uname
# Someone imports my module unaware of the hack (see attached file)
Your exploit starts by running untrusted Python code. Never do that. The vulnerability is the ability to load unstrusted Python code, not to modify the platform module.
I close the issue as not a bug.
----------
nosy: +haypo
resolution: -> not a bug
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23748>
_______________________________________
More information about the Python-bugs-list
mailing list