oss-sec mailing list archives
Re: Potential symlink attack in python3 __pycache__
From: Georgi Guninski <gguninski () gmail com>
Date: Mon, 26 Jul 2021 18:59:30 +0300
On Sat, Jul 24, 2021 at 7:34 PM Michael Orlitzky <michael () orlitzky com> wrote:
When subdirectories of DIR1 are writable by anyone other than the person running the script, you have a bunch of problems: https://bugs.python.org/issue16202
thanks. python3 shell is still vulnerable from modules in the current directory, but some of them like |sys| and |os| can't be spoofed.
Current thread:
- Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 24)
- Re: Potential symlink attack in python3 __pycache__ Michael Orlitzky (Jul 24)
- Re: Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Santiago Torres (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Jakub Wilk (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Michael Orlitzky (Jul 24)