This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author jdemeyer
Recipients Alan.Williams, Arfrever, benjamin.peterson, christian.heimes, eric.araujo, eric.snow, georg.brandl, hasufell, hynek, iankko, jdemeyer, ncoghlan, robertwb, schmir, tarek, vbraun, vstinner
Date 2012-10-15.20:24:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1350332699.19.0.739265778461.issue16202@psf.upfronthosting.co.za>
In-reply-to
Content
I should point out that there is also dangerous code in Lib/test/test_subprocess.py in the test_cwd() function.  There, the following is executed from /tmp:

  python -c 'import sys,os; sys.stdout.write(os.getcwd())'

As Python luckily knows where to import sys and os from, this doesn't seem exploitable, but it should be fixed.
History
Date User Action Args
2012-10-15 20:24:59jdemeyersetrecipients: + jdemeyer, georg.brandl, ncoghlan, vstinner, christian.heimes, schmir, robertwb, benjamin.peterson, tarek, eric.araujo, Arfrever, iankko, eric.snow, hynek, Alan.Williams, vbraun, hasufell
2012-10-15 20:24:59jdemeyersetmessageid: <1350332699.19.0.739265778461.issue16202@psf.upfronthosting.co.za>
2012-10-15 20:24:59jdemeyerlinkissue16202 messages
2012-10-15 20:24:59jdemeyercreate