New GitHub issue #100971 from isard:<br>
<hr>
<pre>
A student of mine has accidentally found a security issue in Python 3.8.10 (at least on two different Ubuntu-derived distributions).
If you create a file called uu.py and any other Python file in the same folder, whenever Python raises a ValueError, uu.py is executed.
Example:
==================== uu.py ===================
```
import os
print("""
*****************************
*
* Arbitrary code execution! *
*
*****************************
""")
os.system("ls -al")
```
===== suposed-safe-file.py =====
```
number = float(input("Type a number: "))
if number > 0:
    print(number, "is positive")
```
If you type a string instead of a number when prompted, a ValueError is raised; however, uu.py is executed first.
-------------- Output ----------------
```
Type a number: a
*****************************
*
* Arbitrary code execution! *
*
*****************************
total 176
drwxrwxr-x 3 1001 1001 4096 de gen. 12 10:10 .
drwxr-xr-x 52 1001 1001 143360 de gen. 12 10:03 ..
drwxrwxr-x 2 1001 1001 4096 de gen. 12 10:10 __pycache__
-rw-rw-r-- 1 1001 1001 89 de gen. 12 10:06 suposed-safe-program.py
-rw-rw-r-- 1 1001 1001 139 de gen. 12 10:10 uu.py
Traceback (most recent call last):
  File "suposed-safe-program.py", line 1, in <module>
    number = float(input("Type a number: "))
ValueError: could not convert string to float: 'a'
```
</pre>
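<p>The behaviour in the report is an instance of standard-library module shadowing: <code>python script.py</code> puts the script's own directory at <code>sys.path[0]</code>, ahead of the standard library, so a module imported later (here <code>uu</code>, pulled in while the uncaught ValueError is being reported) resolves to the local file. The following is an added example, not code from the issue or from CPython: a check an instructor or administrator can run over a project folder to flag files whose names collide with standard-library modules. The function names and the constructed temporary layout in <code>scan_layout</code> are this example's own.</p>

```python
import os
import sys
import sysconfig
import tempfile

def stdlib_module_names():
    """Top-level stdlib module names for the running interpreter. sys.stdlib_module_names
    exists from 3.10; listing the stdlib directory also covers the 3.8.10 in the report."""
    names = set(getattr(sys, "stdlib_module_names", ()))
    names |= set(sys.builtin_module_names)
    try:
        stdlib_dir = sysconfig.get_paths()["stdlib"]
        for entry in os.listdir(stdlib_dir):
            if entry.endswith(".py"):
                names.add(entry[:-3])
            elif os.path.isfile(os.path.join(stdlib_dir, entry, "__init__.py")):
                names.add(entry)
    except OSError:
        pass  # no stdlib directory on disk (embedded interpreter)
    return names

def find_shadowing_files(directory):
    """Return entries in `directory` whose import name collides with a stdlib module.
    Because the script's directory is sys.path[0], any such file is imported instead
    of the real module, including by code that runs while an uncaught exception is
    being reported (`uu` in the issue)."""
    stdlib = stdlib_module_names()
    hits = []
    for entry in sorted(os.listdir(directory)):
        if entry.endswith(".py"):
            name = entry[:-3]
        elif os.path.isfile(os.path.join(directory, entry, "__init__.py")):
            name = entry
        else:
            continue
        if name in stdlib:
            hits.append(entry)
    return hits

def scan_layout(filenames):
    """Create a constructed folder holding `filenames` and scan it (demo helper)."""
    with tempfile.TemporaryDirectory() as folder:
        for filename in filenames:
            with open(os.path.join(folder, filename), "w") as handle:
                handle.write("print('shadowed module imported')\n")  # harmless stand-in
        return find_shadowing_files(folder)

if __name__ == "__main__":
    # The layout from the report: uu.py beside the student's script.
    print(scan_layout(["uu.py", "suposed-safe-program.py"]))
```

<p>Running the interpreter with <code>-I</code> (isolated mode) leaves the script directory off <code>sys.path</code>, which removes this shadowing path entirely for scripts that do not need local imports.</p>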
<hr>
<a href="https://github.com/python/cpython/issues/100971">View on GitHub</a>