Author hroncok
Recipients hroncok, kj, lemburg, lukasz.langa, mdk, ned.deily, serhiy.storchaka, vstinner
Date 2021-03-10.00:31:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1615336299.11.0.620753349125.issue42988@roundup.psfhosted.org>
In-reply-to
Content
Todd Cullum from Red Hat Security team:

"I don't have an account on Python's tracker, would you mind forwarding to upstream on my behalf that this is not only locally exploitable, but it can be exploited by actors on the adjacent network as well because https://github.com/python/cpython/commit/6a396c9807b1674a24e240731f18e20de97117a5 was introduced in Python 3.7.0 alpha 1. I just used the -n option and got to read some of my own files using my cell phone on the WiFi. It does require the port to be unblocked by firewall though."
History
Date User Action Args
2021-03-10 00:31:39hroncoksetrecipients: + hroncok, lemburg, vstinner, ned.deily, lukasz.langa, serhiy.storchaka, mdk, kj
2021-03-10 00:31:39hroncoksetmessageid: <1615336299.11.0.620753349125.issue42988@roundup.psfhosted.org>
2021-03-10 00:31:39hroncoklinkissue42988 messages
2021-03-10 00:31:38hroncokcreate