[issue5753] CVE-2008-5983 python: untrusted python modules search path
Tomas Hoger
report at bugs.python.org
Tue May 18 16:51:54 CEST 2010
Tomas Hoger <thoger at redhat.com> added the comment:
> My reading of PySys_SetArgv is that if argv is NULL, then
> "char *argv0 = argv[0];" will read through NULL and thus will
> segfault on a typical platform.
Right.
> I favor Antoine's approach in
> http://bugs.python.org/file13860/setargvex.patch of adding a new API
> entry point, whilst maximizing compatibilty for all of the code our
> there using the existing entry point.
Sadly, this won't help existing applications affected by this problem, without all of them needing to be changed.
My change proposed in msg90336 won't help either, at least not in all cases. Apps that call PySys_SetArgv with 1, { "myappname", NULL } can still be tricked to add full CWD path at the beginning of sys.path on platforms with realpath().
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5753>
_______________________________________
More information about the Python-bugs-list
mailing list