Message 252012 - Python tracker (original) (raw)

Message252012

Author Hiroki Kiyohara
Recipients Hiroki Kiyohara
Date 2015-10-01.09:26:41
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id 1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za
In-reply-to
Content
Running `python` interpreter will import `readline.py` file in current directory. It causes unexpected code execution. This problem is reported by 'Japan Vulnerability Notes' as a bug on Windows version Python http://jvn.jp/jp/JVN49503705/ It says that when we run Windows version python will import `readline.pyd` file in current directory. And it may run unexpected codes with permission assigned to python.exe. The line causing this problem may be... https://github.com/python/cpython/blob/2.7/Lib/code.py#L303 Should it be considered as vulnerability of python (or Windows version python)?
History
Date User Action Args
2015-10-01 09:26:41 Hiroki Kiyohara set recipients: + Hiroki Kiyohara
2015-10-01 09:26:41 Hiroki Kiyohara set messageid: 1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za
2015-10-01 09:26:41 Hiroki Kiyohara link issue25288 messages
2015-10-01 09:26:41 Hiroki Kiyohara create