Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

readline.py file in current directory caused unexpected code execution. #69475

Closed
HirokiKiyohara mannequin opened this issue Oct 1, 2015 · 6 comments
Closed

readline.py file in current directory caused unexpected code execution. #69475

HirokiKiyohara mannequin opened this issue Oct 1, 2015 · 6 comments
Labels
type-security A security issue

Comments

@HirokiKiyohara
Copy link
Mannequin

HirokiKiyohara mannequin commented Oct 1, 2015

BPO 25288
Nosy @bitdancer, @4kir4, @zhangyangyu
Superseder
  • bpo-12238: Readline module loading in interactive mode
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2015-10-01.14:03:10.133>
created_at = <Date 2015-10-01.09:26:41.857>
labels = ['type-security']
title = 'readline.py file in current directory caused unexpected code execution.'
updated_at = <Date 2015-10-02.23:25:41.705>
user = 'https://bugs.python.org/HirokiKiyohara'

    bugs.python.org fields:

    activity = <Date 2015-10-02.23:25:41.705>
actor = 'akira'
assignee = 'none'
closed = True
closed_date = <Date 2015-10-01.14:03:10.133>
closer = 'r.david.murray'
components = []
creation = <Date 2015-10-01.09:26:41.857>
creator = 'Hiroki Kiyohara'
dependencies = []
files = []
hgrepos = []
issue_num = 25288
keywords = []
message_count = 6.0
messages = ['252012', '252015', '252027', '252028', '252077', '252180']
nosy_count = 4.0
nosy_names = ['r.david.murray', 'akira', 'xiang.zhang', 'Hiroki Kiyohara']
pr_nums = []
priority = 'normal'
resolution = 'duplicate'
stage = 'resolved'
status = 'closed'
superseder = '12238'
type = 'security'
url = 'https://bugs.python.org/issue25288'
versions = ['Python 2.7', 'Python 3.2', 'Python 3.3', 'Python 3.4', 'Python 3.5', 'Python 3.6']
    @HirokiKiyohara
    Copy link
    Mannequin Author

    HirokiKiyohara mannequin commented Oct 1, 2015

    Running python interpreter will import readline.py file in current directory.
    It causes unexpected code execution.

    This problem is reported by 'Japan Vulnerability Notes' as a bug on
    Windows version Python http://jvn.jp/jp/JVN49503705/

    It says that when we run Windows version python will import readline.pyd file in current directory. And it may run unexpected codes with permission assigned to python.exe.

    The line causing this problem may be...
    https://github.com/python/cpython/blob/2.7/Lib/code.py#L303

    Should it be considered as vulnerability of python (or Windows version python)?

    @HirokiKiyohara HirokiKiyohara mannequin added the type-security A security issue label Oct 1, 2015
    @zhangyangyu
    Copy link
    Member

    I can reproduce this action on Ubuntu.

    The forged readline.py in python's execution directory can steal the
    permission of python and do something dangerous.

    @bitdancer
    Copy link
    Member

    This is not a bug, this is the way python works. When running in interactive mode (only) the current directory is first on the path.

    Now, should this behavior be changed? I think we've discussed this before and decided not to change it (for backward compatibility reasons), but I think there was dissent and that increasing emphasis on security since that discussion might argue for a different outcome. It's a python-dev mailing list level issue, in any case.

    @bitdancer
    Copy link
    Member

    Well, so much for my memory :(.

    The actual discussion was in bpo-12238, where *my* conclusion was that this should be fixed (readline should be special cased), but the issue is still open.

    Patches welcome :)

    @HirokiKiyohara
    Copy link
    Mannequin Author

    HirokiKiyohara mannequin commented Oct 2, 2015

    I see. Thank you very much, guys.

    @4kir4
    Copy link
    Mannequin

    4kir4 mannequin commented Oct 2, 2015

    python3 -I

    could be used as a workaround.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    type-security A security issue
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @bitdancer @zhangyangyu