readline.py file in current directory caused unexpected code execution. #69475
Comments
Running This problem is reported by 'Japan Vulnerability Notes' as a bug on It says that when we run Windows version python will import The line causing this problem may be... Should it be considered as vulnerability of python (or Windows version python)?
I can reproduce this action on Ubuntu. The forged readline.py in python's execution directory can steal the
This is not a bug, this is the way python works. When running in interactive mode (only) the current directory is first on the path. Now, should this behavior be changed? I think we've discussed this before and decided not to change it (for backward compatibility reasons), but I think there was dissent and that increasing emphasis on security since that discussion might argue for a different outcome. It's a python-dev mailing list level issue, in any case.
Well, so much for my memory :(. The actual discussion was in bpo-12238, where *my* conclusion was that this should be fixed (readline should be special cased), but the issue is still open. Patches welcome :)
I see. Thank you very much, guys.
python3 -I could be used as a workaround.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.