[issue5753] CVE-2008-5983 python: untrusted python modules search path

Tanaka Akira report at bugs.python.org
Thu Jun 25 01:40:17 CEST 2009


Tanaka Akira <akr at fsij.org> added the comment:

src/if_python.c in vim-7.2 has a comment:
/* Set sys.argv[] to avoid a crash in warn(). */

I think the crash is as follows.

% python
Python 2.5.2 (r252:60911, Jan  4 2009, 17:40:26) 
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import warnings
>>> warnings.warn("foo")
__main__:1: UserWarning: foo
>>> import sys
>>> sys.argv
['']
>>> sys.argv = []
>>> sys.argv
[]
>>> warnings.warn("foo")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/warnings.py", line 54, in warn
    filename = sys.argv[0]
IndexError: list index out of range
>>>

----------
nosy: +akr

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5753>
_______________________________________

