[issue16202] sys.path[0] security issues
Jeroen Demeyer
report at bugs.python.org
Mon Oct 15 22:24:59 CEST 2012
Jeroen Demeyer added the comment:
I should point out that there is also dangerous code in Lib/test/test_subprocess.py in the test_cwd() function. There, the following is executed from /tmp:
python -c 'import sys,os; sys.stdout.write(os.getcwd())'
As Python luckily knows where to import sys and os from, this doesn't seem exploitable, but it should be fixed.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16202>
_______________________________________
More information about the Python-bugs-list
mailing list