Author serhiy.storchaka
Recipients Arfrever, serhiy.storchaka
Date 2013-12-01.15:12:48
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1385910768.71.0.356029979861.issue19855@psf.upfronthosting.co.za>
In-reply-to
Content
The uuid._find_mac() function tests that executable file exist before run it. First it tries to run unmodified executable name (i.e. from $PATH) and then from the /sbin or /usr/sbin directories. However test for unmodified executable name is wrong, actually it tests that executable name exists in current directory rather than in $PATH.

As a result uuid._find_mac() always fails on platforms where ifconfig located in $PATH but not in /sbin or /usr/sbin (i.e. Gentoo). If unixdll_getnode() fails too, uuid.getnode() fallbacks to use of _random_getnode(). This is security issue.

test_uuid fails on such platforms too.

Here is a patch for 3.3+. Other Python versions requires different solution. For example this check can be just removed.
History
Date User Action Args
2013-12-01 15:12:48serhiy.storchakasetrecipients: + serhiy.storchaka, Arfrever
2013-12-01 15:12:48serhiy.storchakasetmessageid: <1385910768.71.0.356029979861.issue19855@psf.upfronthosting.co.za>
2013-12-01 15:12:48serhiy.storchakalinkissue19855 messages
2013-12-01 15:12:48serhiy.storchakacreate