[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.

mani and ram report at bugs.python.org
Thu Oct 18 06:55:11 CEST 2012


mani and ram added the comment:

On 17 October 2012 23:46, Guilherme Polo <report at bugs.python.org> wrote:

>
> Guilherme Polo added the comment:
>
> It is a well-known fact that the readprofile function uses exec, and it
> has been like that for more than 18 years. The parameters baseName and
> className define the execution of the files $HOME/.{className}.tcl,
> $HOME/.{className}.py, $HOME/.{baseName}.tcl, and $HOME/.{baseName}.py. The
> function's docstring actually says that.
>
> That said, I never needed to load custom code during the creation of a Tk
> instance. To me the existence of readprofile is unneeded.
>
> But what is your proposal for the issue?
>
> ----------
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue16248>
> _______________________________________
>

Simply remove the readprofile code (it is not documented and I never had to
use it).

----------
nosy: +maniandram

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
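
An added example, not part of the thread and not CPython code: a defender-side audit that lists the four profile files named above for a given baseName/className and reports any that exist, with ownership and write-permission findings. The helper names, the sample values "myapp" and "Tk", and the POSIX-only uid check are assumptions of this example.

```python
import os
import stat
import tempfile


def profile_candidates(home, base_name, class_name):
    """The four files named in the thread, in the order listed there."""
    return [os.path.join(home, f".{name}.{ext}")
            for name in (class_name, base_name)
            for ext in ("tcl", "py")]


def audit_profiles(home, base_name, class_name, expected_uid=None):
    """Return (path, [reasons]) for every candidate that exists on disk."""
    if expected_uid is None:
        expected_uid = os.getuid()  # POSIX only (assumption of this example)
    findings = []
    for path in profile_candidates(home, base_name, class_name):
        try:
            st = os.lstat(path)  # lstat: inspect the link itself, not its target
        except FileNotFoundError:
            continue
        reasons = ["present"]
        if st.st_uid != expected_uid:
            reasons.append(f"owned by uid {st.st_uid}, not {expected_uid}")
        if stat.S_ISLNK(st.st_mode):
            reasons.append("symlink")
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world writable")
        findings.append((path, reasons))
    return findings


def demo():
    """Constructed sample: a temporary home with one world-writable profile."""
    with tempfile.TemporaryDirectory() as home:
        planted = os.path.join(home, ".myapp.py")
        with open(planted, "w") as fh:
            fh.write("# constructed sample profile\n")
        os.chmod(planted, 0o666)
        return [(os.path.basename(p), r)
                for p, r in audit_profiles(home, "myapp", "Tk")]


if __name__ == "__main__":
    for name, reasons in demo():
        print(name, "->", "; ".join(reasons))
```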