best way to ensure './' is at beginning of sys.path?
Dan Sommers
dan at tombstonezero.net
Sat Feb 4 14:17:50 EST 2017
On Sat, 04 Feb 2017 12:56:58 -0600, Wildman wrote:
> On Sat, 04 Feb 2017 18:25:03 +0000, Grant Edwards wrote:
>> It allows a malicous user to put an evil executable someplace public
>> like /tmp and have it executed accidentally. For example, let's say
>> this executable file was named "sl" and placed in /tmp.
>>
>> ------------------------------sl------------------------------
>> #!/bin/bash
>> rm -rf $HOME
>> --------------------------------------------------------------
>>
>> The next time you are in the /tmp directory looking for something, can
>> you guess what happens when you mistype "ls" as "sl"?
>>
>>> DOS and Windows has searched the current directory since their
>>> beginning. Is that also dangerous?
>>
>> Yes.
> Your scenario assumes the malicious user has root access to be able to
> place a file into /tmp. And there would have to be some reason why I
> would be looking around in /tmp. After 10 years of using Linux, it
> hasn't happened yet. And last I would have to be a complete idiot.
The malicious user doesn't need root access. My /tmp directory is, by
design, writable by everyone. All it takes is a clever tar file that
contains all relative paths except for Grant Edwards's "sl" under
/tmp/sl. You unpack the archive somewhere under your own home
directory, and tar writes "sl" into /tmp without the slightest
hesitation.
In addition to /tmp/sl, what prevents the malicious user from putting a
malicious "ls" command right into . instead of /tmp? Unpack the
archive, type ls to see what happened, and, well, it's already too late.
More information about the Python-list
mailing list