Message 174319 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	Ramchandra Apte
Recipients	Arfrever, Ramchandra Apte, gpolo, terry.reedy
Date	2012年10月31日.16:30:14
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1351701014.31.0.95417348343.issue16248@psf.upfronthosting.co.za>

Content
I think this is a legitimate security bug. the malicious program needs to create a file with a certain name in the home dir. If a user runs say IDLE (or another tk app) with root priveleges using sudo, the file will be run with root priveleges.

Content

I think this is a legitimate security bug.
the malicious program needs to create a file with a certain name in the home dir.
If a user runs say IDLE (or another tk app) with root priveleges using sudo, the file will be run with root priveleges.

History
Date	User	Action	Args
2012年10月31日 16:30:14	Ramchandra Apte	set	recipients: + Ramchandra Apte, terry.reedy, gpolo, Arfrever
2012年10月31日 16:30:14	Ramchandra Apte	set	messageid: <1351701014.31.0.95417348343.issue16248@psf.upfronthosting.co.za>
2012年10月31日 16:30:14	Ramchandra Apte	link	issue16248 messages
2012年10月31日 16:30:14	Ramchandra Apte	create

homepage