webbrowser module + urls ending in .py = a security hole?
Blair P. Houghton
blair.houghton at gmail.com
Thu Feb 2 11:47:10 EST 2006
Blair P. Houghton wrote:
> Which makes it no security hole at
> all, it would seem...
Well, no, that's a little strong. No *new* security hole, maybe. It
would be on the order of having ./ in the PATH for root, and getting
trapped by a hacker who named his rootkit "ls" or "pwd". I.e., it puts
the onus on the caller user of determining what file is really being
accessed and what's really in it before it's ever opened for default
action.
So it's an insecurity that produces an annoyance that maybe could be
handled by the webbrowser.py module...
--Blair
More information about the Python-list
mailing list