best way to ensure './' is at beginning of sys.path?
Grant Edwards
grant.b.edwards at gmail.com
Sat Feb 4 14:12:55 EST 2017
On 2017-02-04, Wildman via Python-list <python-list at python.org> wrote:
>>
>> The next time you are in the /tmp directory looking for something, can
>> you guess what happens when you mistype "ls" as "sl"?
>>
>>> DOS and Windows has searched the current directory since their
>>> beginning. Is that also dangerous?
>>
>> Yes.
>
> Your scenario assumes the malicious user has root access
> to be able to place a file into /tmp.
Nope. /tmp is world-writable.
> And there would have to be some reason why I would be looking around
> in /tmp. After 10 years of using Linux, it hasn't happened yet.
> And last I would have to be a complete idiot.
To have put '.' in your path?
Or to have typed 'sl' by mistake?
> I suppose all that could be a reality, but, how many computers do
> you know of have been compromised in this manor?
I've known a few people over the years who've been caught by that
trick. The "evil" program was always more of a joke and did no real
harm.
--
Grant Edwards grant.b.edwards Yow! JAPAN is a WONDERFUL
at planet -- I wonder if we'll
gmail.com ever reach their level of
COMPARATIVE SHOPPING ...
More information about the Python-list
mailing list