Message173000
| Author |
jdemeyer |
| Recipients |
Alan.Williams, Arfrever, benjamin.peterson, christian.heimes, eric.araujo, eric.snow, georg.brandl, hasufell, hynek, iankko, jdemeyer, ncoghlan, robertwb, schmir, tarek, vbraun, vstinner |
| Date |
2012年10月15日.20:24:59 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1350332699.19.0.739265778461.issue16202@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
I should point out that there is also dangerous code in Lib/test/test_subprocess.py in the test_cwd() function. There, the following is executed from /tmp:
python -c 'import sys,os; sys.stdout.write(os.getcwd())'
As Python luckily knows where to import sys and os from, this doesn't seem exploitable, but it should be fixed. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年10月15日 20:24:59 | jdemeyer | set | recipients:
+ jdemeyer, georg.brandl, ncoghlan, vstinner, christian.heimes, schmir, robertwb, benjamin.peterson, tarek, eric.araujo, Arfrever, iankko, eric.snow, hynek, Alan.Williams, vbraun, hasufell |
| 2012年10月15日 20:24:59 | jdemeyer | set | messageid: <1350332699.19.0.739265778461.issue16202@psf.upfronthosting.co.za> |
| 2012年10月15日 20:24:59 | jdemeyer | link | issue16202 messages |
| 2012年10月15日 20:24:59 | jdemeyer | create |
|