6 Nov 2002, 6:31 a.m.
On Wed, 06 Nov 2002, Steve Waterbury wrote:
> How is having "." on your PYTHONPATH a serious security hole? (Of course it shouldn't be on _root_'s PYTHONPATH, but how is it bad for a regular user?)

What if you run a Python program from /tmp? One of those smart programs which do something like
'''
try:
    import gtk
except ImportError:
    gtk = None
'''
What if some malicious user put a gtk.py in /tmp which does something like
'''
import os
open(os.path.expanduser("~/.secret"))
os.chmod(os.path.expanduser("~/.secret"), 0o777)
'''
And to top it all, assume gtk is, indeed, not installed on this system.
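
An added example, not part of the original post: a defender-side audit that flags module search path entries where another local user could plant a file such as the gtk.py described above, and reports which file an import would resolve to. The function names are hypothetical, and the temporary directory and placeholder gtk.py are constructed for the demonstration.

```python
import importlib.machinery
import os
import stat
import sys
import tempfile


def risky_entries(paths):
    """Return (entry, reason) pairs for search-path entries others could plant modules in."""
    findings = []
    for entry in paths:
        if entry in ("", "."):
            findings.append((entry, "current directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue  # entries that do not exist cannot supply a module
        # The sticky bit on /tmp stops deletion of others' files, not creation of new ones.
        if stat.S_ISDIR(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "directory writable by group or others"))
    return findings


def import_origin(name, paths):
    """Return the file that `import name` would load with this search path, or None."""
    spec = importlib.machinery.PathFinder.find_spec(name, list(paths))
    return spec.origin if spec else None


def demo():
    """Constructed scenario: a world-writable directory holding a harmless gtk.py."""
    with tempfile.TemporaryDirectory() as shared:
        os.chmod(shared, 0o777)  # stands in for /tmp
        planted = os.path.join(shared, "gtk.py")
        with open(planted, "w") as fh:
            fh.write("# harmless placeholder\n")
        paths = [shared]
        return risky_entries(paths), import_origin("gtk", paths), planted


if __name__ == "__main__":
    # Audit the interpreter's real search path, then show the constructed case.
    for entry, reason in risky_entries(sys.path):
        print(f"risky sys.path entry {entry!r}: {reason}")
    print(demo())
```
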