best way to ensure './' is at beginning of sys.path?
Wildman
best_lay at yahoo.com
Sat Feb 4 13:56:58 EST 2017
On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
> On 2017-02-04, Wildman via Python-list <python-list at python.org> wrote:
>
>> No, I do not know. You might try your question in a linux specific
>> group. Personally I don't understand the danger in having the dot
>> in the path. The './' only means the current directory.
>
> It allows a malicous user to put an evil executable someplace public
> like /tmp and have it executed accidentally. For example, let's say
> this executable file was named "sl" and placed in /tmp.
>
> ------------------------------sl------------------------------
> #!/bin/bash
> rm -rf $HOME
> --------------------------------------------------------------
>
> The next time you are in the /tmp directory looking for something, can
> you guess what happens when you mistype "ls" as "sl"?
>
>> DOS and Windows has searched the current directory since their
>> beginning. Is that also dangerous?
>
> Yes.
Your scenario assumes the malicious user has root access
to be able to place a file into /tmp. And there would
have to be some reason why I would be looking around in
/tmp. After 10 years of using Linux, it hasn't happened
yet. And last I would have to be a complete idiot.
I suppose all that could be a reality, but, how many
computers do you know of have been compromised in this
manor?
--
<Wildman> GNU/Linux user #557453
The cow died so I don't need your bull!
More information about the Python-list
mailing list