Message204932
The uuid._find_mac() function tests that executable file exist before run it. First it tries to run unmodified executable name (i.e. from $PATH) and then from the /sbin or /usr/sbin directories. However test for unmodified executable name is wrong, actually it tests that executable name exists in current directory rather than in $PATH.
As a result uuid._find_mac() always fails on platforms where ifconfig located in $PATH but not in /sbin or /usr/sbin (i.e. Gentoo). If unixdll_getnode() fails too, uuid.getnode() fallbacks to use of _random_getnode(). This is security issue.
test_uuid fails on such platforms too.
Here is a patch for 3.3+. Other Python versions requires different solution. For example this check can be just removed. |
|
Date |
User |
Action |
Args |
2013-12-01 15:12:48 | serhiy.storchaka | set | recipients:
+ serhiy.storchaka, Arfrever |
2013-12-01 15:12:48 | serhiy.storchaka | set | messageid: <1385910768.71.0.356029979861.issue19855@psf.upfronthosting.co.za> |
2013-12-01 15:12:48 | serhiy.storchaka | link | issue19855 messages |
2013-12-01 15:12:48 | serhiy.storchaka | create | |
|