Is this a security risk with Python too?

Roman Suzi rnd at onego.ru
Fri Aug 16 15:46:18 CEST 2002


Among numerous security alerts, I saw the following:

------------
Package: tcl/tk                
Date: 08-10-2002

Description:
The tcl/tk package searched for its libraries in the current working
directory before other directories, which could allow local users to
execute arbitrary code by writing Trojan horse library that is under
a user-controlled directory.
------------

Is this true for Python too (in some cases)?

Sincerely yours, Roman Suzi
-- 
rnd at onego.ru =\= My AI powered by Linux RedHat 7.2
aaro at onego.ru <- not to be mailed to





More information about the Python-list mailing list