[Python-Dev] Extending startup code: PEP needed?

Guido van Rossum guido@python.org
Mon, 08 Jan 2001 17:23:02 -0500

> I was thinking an attack where knowledge of common temporary
> execution locations is used to trick Python into executing
> untrusted code -- the untrusted code would only have to be
> copied to the known temporary execution directory and then
> gets executed by Python next time the program using the temporary
> location is invoked.

When does Python execute code from a predictable common temporary
location?  When is that likely to be used from a Python script running
as root?

Note that if you use tempfile.TemporaryFile(), you can create a
temporary file that's not subvertible.

--Guido van Rossum (home page: http://www.python.org/~guido/)