Message173047
Because tkinter.py uses exec to execute code from a file, it has a security bug. It searches for the file in the home dir. Apparently, on my system (don't know if its the same on others), the $HOME variable is the same as the non-root one when running Python with root priveleges
Steps to reproduce:
create a file called .Tk.py in your home folder
Whatever code is in that file will be executed.
run these three lines of code in Python:
import tkinter
w = tkinter.Tk()
w.mainloop()
I will add more details in later comments. |
|
Date |
User |
Action |
Args |
2012-10-16 15:29:21 | Ramchandra Apte | set | recipients:
+ Ramchandra Apte |
2012-10-16 15:29:21 | Ramchandra Apte | set | messageid: <1350401361.69.0.96754494265.issue16248@psf.upfronthosting.co.za> |
2012-10-16 15:29:21 | Ramchandra Apte | link | issue16248 messages |
2012-10-16 15:29:21 | Ramchandra Apte | create | |
|