[Python-Dev] Extending startup code: PEP needed?

M.-A. Lemburg mal@lemburg.com
Mon, 08 Jan 2001 19:10:50 +0100

Martin von Loewis wrote:
> > Just curious: wouldn't this introduce a /tmp-style problem to
> > Python ?
> I tried, but I could not produce such a problem.
> > The scenario is quite simple: a Python script runs under root.
> > The script could pick up a lingering .pth file (e.g. from /tmp
> > or one of its subdirs -- distutils does this !) and then executes
> > arbitrary code as *root*.
> No, Python looks only in a few places for pth file:
> {<prefix>,<exec_prefix>}{,/lib/python<version>/site-packages,/lib/site-python}
> so it won't pick up pth files in /tmp.

Hmm, but what if the Python script picks up a site.py which is
different from the standard one distributed with Python ?

The code adding (and with the patch: executing) the .pth files
is defined in site.py and it is rather easy to override this
file by adding a modified site.py file to the current working dir...
a potential security hole in its own right, I guess :(

Marc-Andre Lemburg
Company:                                        http://www.egenix.com/
Consulting:                                    http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/