[Python-Dev] Extending startup code: PEP needed?

M.-A. Lemburg mal@lemburg.com
Tue, 09 Jan 2001 08:23:42 +0100

Guido van Rossum wrote:
> > I was thinking an attack where knowledge of common temporary
> > execution locations is used to trick Python into executing
> > untrusted code -- the untrusted code would only have to be
> > copied to the known temporary execution directory and then
> > gets executed by Python next time the program using the temporary
> > location is invoked.
> When does Python execute code from a predictable common temporary
> location?  When is that likely to be used from a Python script running
> as root?
> Note that if you use tempfile.TemporaryFile(), you can create a
> temporary file that's not subvertible.

It's not Python itself that's running temporary files. Tools
like distutils, RPM, etc. tend to run Python code in temporary
locations during build stages. That's what I was thinking about.
OTOH, root should know where these tools run their code, so
I guess it's moot to discuss who's fault this really is, e.g.
distutils style distributions should never be unzipped to /tmp
for subsequent installation, but nobody will prevent root
from doing so.

Marc-Andre Lemburg
Company:                                        http://www.egenix.com/
Consulting:                                    http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/