This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pythonhacker
Recipients pythonhacker
Date 2015-03-23.10:37:50
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1427107070.63.0.510567117775.issue23748@psf.upfronthosting.co.za>
In-reply-to
Content 
>> import platform
>>> print 'Actual =>',platform.uname()
Actual => ('Linux', 'toshiba-laptop', '3.13.0-24-generic', '#47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014', 'x86_64', 'x86_64')
>>> import hack_uname
# Someone imports my module unaware of the hack (see attached file)
>>> platform.uname()
('Limux', 'hacker-laptop', '11.15.0-28000-absurd', '#10000 - FunkyDistro SMMP Fry Feb 30 2015 23:59:00 UTC 2015', 'x866_64', 'x866_64')

Fix - Make the global _uname_cache inaccessible via the module and hence unwriteable. I can provide a patch - it is kind of easy fix.

I think this might also be a security issue since if someone is writing a significant piece of code based on the platform it can screw up the system - or his web application if a piece of code like this is introduced in a module via his chain of imports by a malicious hacker.
History
Date User Action Args
2015-03-23 10:37:50pythonhackersetrecipients: + pythonhacker
2015-03-23 10:37:50pythonhackersetmessageid: <1427107070.63.0.510567117775.issue23748@psf.upfronthosting.co.za>
2015-03-23 10:37:50pythonhackerlinkissue23748 messages
2015-03-23 10:37:50pythonhackercreate