Message 252012 - Python tracker (original) (raw)

Message252012

Author	Hiroki Kiyohara
Recipients	Hiroki Kiyohara
Date	2015-10-01.09:26:41
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za
In-reply-to

Content
Running `python` interpreter will import `readline.py` file in current directory. It causes unexpected code execution. This problem is reported by 'Japan Vulnerability Notes' as a bug on Windows version Python http://jvn.jp/jp/JVN49503705/ It says that when we run Windows version python will import `readline.pyd` file in current directory. And it may run unexpected codes with permission assigned to python.exe. The line causing this problem may be... https://github.com/python/cpython/blob/2.7/Lib/code.py#L303 Should it be considered as vulnerability of python (or Windows version python)?

Content

Running `python` interpreter will import `readline.py` file in current directory. It causes unexpected code execution. This problem is reported by 'Japan Vulnerability Notes' as a bug on Windows version Python http://jvn.jp/jp/JVN49503705/ It says that when we run Windows version python will import `readline.pyd` file in current directory. And it may run unexpected codes with permission assigned to python.exe. The line causing this problem may be... https://github.com/python/cpython/blob/2.7/Lib/code.py#L303 Should it be considered as vulnerability of python (or Windows version python)?

History
Date	User	Action	Args
2015-10-01 09:26:41	Hiroki Kiyohara	set	recipients: + Hiroki Kiyohara
2015-10-01 09:26:41	Hiroki Kiyohara	set	messageid: 1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za
2015-10-01 09:26:41	Hiroki Kiyohara	link	issue25288 messages
2015-10-01 09:26:41	Hiroki Kiyohara	create