Is this a security risk with Python too?

Gerhard Häring gerhard.haering at opus-gmbh.net
Fri Aug 16 17:07:54 CEST 2002


Roman Suzi wrote:
> Among numerous security alerts, I saw the following:
> 
> ------------
> Package: tcl/tk                
> Date: 08-10-2002
> 
> Description:
> The tcl/tk package searched for its libraries in the current working
> directory before other directories, which could allow local users to
> execute arbitrary code by writing Trojan horse library that is under
> a user-controlled directory.
> ------------
> 
> Is this true for Python too (in some cases)?

No, unless you explicitely put the working directory into Python's search
path by changing PYTHONPATH or sys.path, for example.
-- 
Gerhard Häring
OPUS GmbH München
Tel.: +49 89 - 889 49 7 - 32
http://www.opus-gmbh.net/



More information about the Python-list mailing list