[New-bugs-announce] [issue25288] readline.py file in current directory caused unexpected code execution.

Hiroki Kiyohara report at bugs.python.org
Thu Oct 1 11:26:41 CEST 2015


New submission from Hiroki Kiyohara:

Running the `python` interpreter will import a `readline.py` file in the current directory.
This causes unexpected code execution.

This problem is reported by 'Japan Vulnerability Notes' as a bug in the
Windows version of Python: http://jvn.jp/jp/JVN49503705/

It says that when we run the Windows version, python will import a `readline.pyd` file in the current directory, and it may run unexpected code with the permissions assigned to python.exe.

The line causing this problem may be...
https://github.com/python/cpython/blob/2.7/Lib/code.py#L303


Should it be considered a vulnerability of Python (or of the Windows version of Python)?

----------
messages: 252012
nosy: Hiroki Kiyohara
priority: normal
severity: normal
status: open
title: readline.py file in current directory caused unexpected code execution.
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25288>
_______________________________________
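
A defensive check for the condition this report describes, added here as an example (it is not part of the original report or of CPython): it lists files in a directory that an `import readline` could load, and reports where the current directory sits in a `sys.path`-style list. The function names and the `rlcompleter` entry are assumptions made for illustration.

```python
import importlib.machinery
import os
import sys
import tempfile

# "readline" is the module named in the report; "rlcompleter" is an added
# assumption (another module interactive sessions commonly load).
DEFAULT_NAMES = ("readline", "rlcompleter")


def find_shadowing_modules(directory, names=DEFAULT_NAMES):
    """Return sorted paths in `directory` that `import <name>` could load."""
    # Suffixes this interpreter imports, plus .pyd/.so so the check flags
    # extension modules regardless of the platform it runs on.
    suffixes = set(importlib.machinery.all_suffixes()) | {".pyd", ".so"}
    hits = []
    for name in names:
        for suffix in suffixes:
            candidate = os.path.join(directory, name + suffix)
            if os.path.isfile(candidate):
                hits.append(candidate)
        package_init = os.path.join(directory, name, "__init__.py")
        if os.path.isfile(package_init):
            hits.append(package_init)
    return sorted(hits)


def cwd_search_position(path_entries, cwd):
    """Index of the first path entry that resolves to `cwd`, or None."""
    cwd_real = os.path.realpath(cwd)
    for index, entry in enumerate(path_entries):
        # An empty entry ('') means "current directory" to the import system.
        if os.path.realpath(os.path.join(cwd, entry)) == cwd_real:
            return index
    return None


if __name__ == "__main__":
    # Constructed sample: a scratch directory holding an empty readline.py.
    with tempfile.TemporaryDirectory() as scratch:
        open(os.path.join(scratch, "readline.py"), "w").close()
        print("shadowing files:", find_shadowing_modules(scratch))
    print("cwd position in sys.path:", cwd_search_position(sys.path, os.getcwd()))
```

Starting the interpreter with `-I` (isolated mode, Python 3.4 and later) keeps the current directory off `sys.path`.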

