Is this a security risk with Python too?
gerhard.haering at opus-gmbh.net
Fri Aug 16 17:07:54 CEST 2002
Roman Suzi wrote:
> Among numerous security alerts, I saw the following:
> Package: tcl/tk
> Date: 08-10-2002
> The tcl/tk package searched for its libraries in the current working
> directory before other directories, which could allow local users to
> execute arbitrary code by writing Trojan horse library that is under
> a user-controlled directory.
> Is this true for Python too (in some cases)?
No, unless you explicitely put the working directory into Python's search
path by changing PYTHONPATH or sys.path, for example.
OPUS GmbH München
Tel.: +49 89 - 889 49 7 - 32
More information about the Python-list