[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.
Antoine Pitrou
report at bugs.python.org
Thu Nov 1 20:55:34 CET 2012
Antoine Pitrou added the comment:
As Zachary and Ramchandra explained, the security issue is obvious: a non-sudoer user A can make a sudoer user B execute arbitrary code, simply by placing a file where IDLE will be run from.
This is the same reason Python has -s and -E options. The least we could do would be to disable readprofile() when sys.flags.ignore_environment is true.
----------
nosy: +pitrou
versions: +Python 2.7, Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
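An added example, not part of the original message or of CPython: a sketch of the guard proposed above (skip profile loading when `sys.flags.ignore_environment` is set), together with an audit helper that reports which profile files a Tk application would pick up. The file names are assumed to follow tkinter's `Tk.readprofile(baseName, className)`, which looks under `$HOME` and falls back to the current directory when `HOME` is unset; the message does not spell these out. The helper names and the `idle`/`Idle` sample arguments are hypothetical.

```python
import os
import stat
import sys


def profile_candidates(base_name, class_name, environ=None):
    """Paths Tk.readprofile() checks, plus whether they resolve via the cwd."""
    environ = os.environ if environ is None else environ
    from_cwd = "HOME" not in environ      # readprofile() falls back to os.curdir
    home = os.curdir if from_cwd else environ["HOME"]
    names = [".%s.tcl" % class_name, ".%s.py" % class_name,
             ".%s.tcl" % base_name, ".%s.py" % base_name]
    return [os.path.join(home, n) for n in names], from_cwd


def should_read_profile(flags=sys.flags):
    """The mitigation proposed above: skip profiles when -E is in effect."""
    return not flags.ignore_environment


def audit_profiles(base_name, class_name, environ=None, uid=None):
    """Return (path, [reasons]) for each profile file that exists on disk."""
    if uid is None and hasattr(os, "getuid"):
        uid = os.getuid()
    paths, from_cwd = profile_candidates(base_name, class_name, environ)
    findings = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue                       # not present, nothing would run
        reasons = []
        if from_cwd:
            reasons.append("resolved relative to the current directory")
        if uid is not None and st.st_uid != uid:
            reasons.append("owned by uid %d" % st.st_uid)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world-writable")
        findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    # "idle" / "Idle" are constructed sample names, not taken from the message.
    for path, reasons in audit_profiles("idle", "Idle"):
        print(path, "; ".join(reasons) or "present")
    print("profiles would be read:", should_read_profile())
```

Any path reported with a reason attached is a file that another account could have placed or modified before a privileged user starts the application.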