Is this a security risk with Python too?
Gerhard Häring
gerhard.haering at opus-gmbh.net
Fri Aug 16 11:07:54 EDT 2002
Roman Suzi wrote:
> Among numerous security alerts, I saw the following:
>
> ------------
> Package: tcl/tk
> Date: 08-10-2002
>
> Description:
> The tcl/tk package searched for its libraries in the current working
> directory before other directories, which could allow local users to
> execute arbitrary code by writing Trojan horse library that is under
> a user-controlled directory.
> ------------
>
> Is this true for Python too (in some cases)?
No, unless you explicitely put the working directory into Python's search
path by changing PYTHONPATH or sys.path, for example.
--
Gerhard Häring
OPUS GmbH München
Tel.: +49 89 - 889 49 7 - 32
http://www.opus-gmbh.net/
More information about the Python-list
mailing list