oss-sec mailing list archives
Re: ipython3 may execute code from the current working directory
From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 22 Jul 2021 13:35:45 +0200
* Georgi Guninski <gguninski () gmail com>, 2021-07-22, 11:52:
Summary: under certain circumstances, ipython3 may execute code from the current working directory.
Looks like this might be intentional? Or at least there's an option to turn off this behavior:
https://github.com/ipython/ipython/blob/7.25.0/IPython/core/shellapp.py#L219 https://ipython.readthedocs.io/en/stable/config/options/kernel.html#configtrait-InteractiveShellApp.ignore_cwdHowever, in some Debian packages (at least 5.8.0-1 from Debian buster), even --ignore-cwd doesn't help, because /usr/bin/python3 looks like this:
VERSION="3"
if [ ! -f /usr/bin/python$VERSION ]
then
echo "Please install the python$VERSION package." >&2
exit 1
else
exec python$VERSION -c "import sys; sys.argv[0] = '/usr/bin/ipython$VERSION'; from IPython.terminal.ipapp import
launch_new_instance; launch_new_instance()" "$@"
fi
But "python3 -c" adds cwd to sys.path.
--
Jakub Wilk
Current thread:
- ipython3 may execute code from the current working directory Georgi Guninski (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 23)
- Re: ipython3 may execute code from the current working directory Mats Wichmann (Jul 23)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 24)
- Re: ipython3 may execute code from the current working directory Georgi Guninski (Jul 25)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)