This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Niels.Heinen
Recipients Niels.Heinen, eric.araujo, jcea, r.david.murray
Date 2011-06-06.15:09:14
SpamBayes Score 6.68405e-06
Marked as misclassified No
Message-id <1307372955.69.0.766886823574.issue12238@psf.upfronthosting.co.za>
In-reply-to
Content
Hi Eric, David,

This means that you cannot type "python" and press <enter> in any shared directory without the risk of a malicious readlinemodule.so being imported and executed.  

I think this is different from a scenario where someone explicitly runs a script or imports a module in interactive mode where it is also reasonable that such a person understands the importing mechanism.

Thanks for the quick responses btw!

Niels
History
Date User Action Args
2011-06-06 15:09:15Niels.Heinensetrecipients: + Niels.Heinen, jcea, eric.araujo, r.david.murray
2011-06-06 15:09:15Niels.Heinensetmessageid: <1307372955.69.0.766886823574.issue12238@psf.upfronthosting.co.za>
2011-06-06 15:09:15Niels.Heinenlinkissue12238 messages
2011-06-06 15:09:14Niels.Heinencreate