oss-sec mailing list archives
Re: ipython3 may execute code from the current working directory
From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 22 Jul 2021 23:30:27 +0200
* Jakub Wilk <jwilk () jwilk net>, 2021-07-22, 13:35:
* Georgi Guninski <gguninski () gmail com>, 2021-07-22, 11:52:Summary: under certain circumstances, ipython3 may execute code from the current working directory.Looks like this might be intentional? Or at least there's an option to turn off this behavior:https://github.com/ipython/ipython/blob/7.25.0/IPython/core/shellapp.py#L219
BTW, I used https://github.com/jwilk/python-syspath-tracker to locate the code that tampers with sys.path.
However, in some Debian packages (at least 5.8.0-1 from Debian buster), even --ignore-cwd doesn't help, because /usr/bin/python3 looks like this:
Oops, I meant /usr/bin/ipython3 of course. -- Jakub Wilk
Current thread:
- ipython3 may execute code from the current working directory Georgi Guninski (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 23)
- Re: ipython3 may execute code from the current working directory Mats Wichmann (Jul 23)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 24)
- Re: ipython3 may execute code from the current working directory Georgi Guninski (Jul 25)
- Re: ipython3 may execute code from the current working directory Jakub Wilk (Jul 22)