Message174488
On 2 November 2012 01:48, Stefan Krah <report@bugs.python.org> wrote:
>
> Stefan Krah added the comment:
>
> Isn't IDLE supposed to be a Python shell? As I understand this issue,
> you'd have the same "exploit" by adding this to your .bashrc:
>
> echo "EXPLOIT" > /root/exploit
>
>
> Then, as a normal user, run:
>
> sudo bash
>
>
>
> It would be nice to get rid of the exec, but why is this an exploit?
>
> ----------
> nosy: +skrah
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue16248>
> _______________________________________
>
Almost nobody knows that when using tkinter, code in .Tk.py is executed.
(readprofile is not even documented!)
While in your example, it is quite easy to see that it will run .bashrc |
|
Date |
User |
Action |
Args |
2012-11-02 04:41:33 | Ramchandra Apte | set | recipients:
+ Ramchandra Apte, terry.reedy, mark.dickinson, pitrou, gpolo, Arfrever, asvetlov, skrah, zach.ware |
2012-11-02 04:41:32 | Ramchandra Apte | link | issue16248 messages |
2012-11-02 04:41:32 | Ramchandra Apte | create | |
|