[issue5753] CVE-2008-5983 python: untrusted python modules search path

"Martin v. Löwis" <report@bugs.python.org> at psf.upfronthosting.co.za
Wed May 6 23:10:43 CEST 2009

Martin v. Löwis <martin at v.loewis.de> added the comment:

> It suggests to me that somewhere there's some documentation, or an
> example, that says "this is the right way to embed python, call this
> function".

That may be an explanation. However, it would be immensely useful
to know for sure, from the original authors of one or two such
applications. Perhaps there is some issue that I'm missing (e.g.
too much stuff crashes if sys.argv is empty - but what stuff
could that be?)

IOW, I *really* want to understand what's happening before fixing
it. This is a security issue, after all.


Python tracker <report at bugs.python.org>
