[Python-Dev] sudo security hole w/ potential Python connection
skip at pobox.com
skip at pobox.com
Tue Jan 10 15:46:22 CET 2006
Got this from a Google alert overnight. It's not really a Python problem
(it's a sudo problem), but it's probably not a bad idea to understand the
implications.
>> SUDO Python Environment Cleaning Privilege Escalation ...
>> Secunia - UK
>> ... This can be exploited by a user with sudo access to a python script
>> to gain access to an interactive python prompt via the "PYTHONINSPECT"
>> environment variable ...
>> <http://secunia.com/advisories/18358/>
Skip
More information about the Python-Dev
mailing list