Message 174469 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	skrah
Recipients	Arfrever, Ramchandra Apte, asvetlov, gpolo, mark.dickinson, pitrou, skrah, terry.reedy, zach.ware
Date	2012-11-01.20:18:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1351801080.77.0.179401829501.issue16248@psf.upfronthosting.co.za>
In-reply-to

Content
Isn't IDLE supposed to be a Python shell? As I understand this issue, you'd have the same "exploit" by adding this to your .bashrc: echo "EXPLOIT" > /root/exploit Then, as a normal user, run: sudo bash It would be nice to get rid of the exec, but why is this an exploit?

Isn't IDLE supposed to be a Python shell? As I understand this issue,
you'd have the same "exploit" by adding this to your .bashrc:

echo "EXPLOIT" > /root/exploit


Then, as a normal user, run:

sudo bash



It would be nice to get rid of the exec, but why is this an exploit?

History
Date	User	Action	Args
2012-11-01 20:18:00	skrah	set	recipients: + skrah, terry.reedy, mark.dickinson, pitrou, gpolo, Arfrever, asvetlov, Ramchandra Apte, zach.ware
2012-11-01 20:18:00	skrah	set	messageid: <1351801080.77.0.179401829501.issue16248@psf.upfronthosting.co.za>
2012-11-01 20:18:00	skrah	link	issue16248 messages
2012-11-01 20:18:00	skrah	create