oss-sec mailing list archives
Re: ipython3 may execute code from the current working directory
From: Georgi Guninski <gguninski () gmail com>
Date: Sun, 25 Jul 2021 18:32:43 +0300
On Fri, Jul 23, 2021 at 11:43 PM Mats Wichmann <mats () wichmann us> wrote:
there have been more than one security concern about the way this makes it possible for untrusted modules to get loaded. [1] https://docs.python.org/3/library/sys.html#sys.path
Is the interactive python shell vulnerable to the same problem: guest3@ubuntu20:~/tests$ cat path.py import sys print(sys.path) guest3@ubuntu20:~/tests$ python3 Python 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0] on linux Type "help", "copyright", "credits" or "license" for more information.
import path
['', '/usr/lib/python38.zip', '/usr/lib/python3.8', '/usr/lib/python3.8/lib-dynload', '/usr/local/lib/python3.8/dist-packages', '/usr/lib/python3/dist-packages']
Current thread:
- ipython3 may execute code from the current working directory Georgi Guninski (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 23)
- Re: ipython3 may execute code from the current working directory Mats Wichmann (Jul 23)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 24)
- Re: ipython3 may execute code from the current working directory Georgi Guninski (Jul 25)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)