This isn't just Python, it's a general issue of letting your import paths (including dynamic linking in C) be in control of a malicious user, or executing anything in world-writable directories in general. Executing stuff from /tmp as part of doctesting is bad; glad you caught it.
On Thu, Oct 11, 2012 at 8:42 AM, Jeroen Demeyer <[email protected]> wrote:
> I found at least one place where Sage bug #13579 affects the Python
> testsuite. If good_user runs the Python testsuite, then evil_user can
> force good_user to run arbitrary code.
>
> This might have even more serious consequences, details later...
>
> --
> You received this message because you are subscribed to the Google Groups
> "sage-devel" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> Visit this group at http://groups.google.com/group/sage-devel?hl=en.
>
>
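The reply above describes the general hazard: an import path entry (or a current-working-directory entry such as '') that lives in a world-writable directory like /tmp lets another local user plant a module that the importing user then runs. The following is an added example, not code from this thread or from Sage, showing the check a test runner or sysadmin could run before importing anything: it audits a list of import-path entries (sys.path by default) and reports the ones another local user could control. The directory layout built in demo() is constructed sample data; function names are this example's own.

```python
"""Audit the Python import path for entries a malicious local user could control.

Added example, not code from the sage-devel thread. It flags sys.path entries
that are relative, world-writable, or missing inside a world-writable parent,
so a doctest/test runner can refuse to start before any import happens.
"""
import os
import stat
import sys
import tempfile


def is_world_writable(path):
    """True if `path` exists and its mode grants write permission to 'other'."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return bool(st.st_mode & stat.S_IWOTH)


def audit_import_path(entries=None):
    """Return a dict mapping each risky import-path entry to the reason.

    For every entry in `entries` (default: sys.path) it checks:
      * relative entries ('' or a non-absolute path), which resolve to the
        current working directory, so a test started from /tmp imports from /tmp;
      * directories writable by any local user (the 'other' write bit), where
        anyone can drop a shadowing module or a .pth file; the sticky bit on
        /tmp does not help, it only prevents deleting other users' files;
      * missing directories whose parent is world-writable, which another user
        could create under the expected name before the import happens.
    """
    if entries is None:
        entries = list(sys.path)
    risky = {}
    for entry in entries:
        if entry == "" or not os.path.isabs(entry):
            risky[entry] = "relative entry resolves to the current working directory"
            continue
        if os.path.isdir(entry):
            if is_world_writable(entry):
                risky[entry] = "directory is world-writable"
        elif not os.path.exists(entry):
            parent = os.path.dirname(entry.rstrip(os.sep)) or os.sep
            if is_world_writable(parent):
                risky[entry] = "missing directory inside a world-writable parent"
    return risky


def demo():
    """Build a constructed import path in a temporary directory and audit it.

    The layout (a 0o755 'site-packages', a 0o1777 'tmp' like a real /tmp, a
    not-yet-created child of that 'tmp', and the '' entry) is sample data for
    this example only. Returns the audit result.
    """
    with tempfile.TemporaryDirectory() as root:
        safe = os.path.join(root, "site-packages")
        unsafe = os.path.join(root, "tmp")
        os.mkdir(safe)
        os.mkdir(unsafe)
        os.chmod(safe, 0o755)
        os.chmod(unsafe, 0o1777)  # sticky + world-writable, the usual /tmp mode
        planted = os.path.join(unsafe, "not-yet-created")
        return audit_import_path([safe, unsafe, planted, ""])


if __name__ == "__main__":
    # Audit the live interpreter's sys.path, then the constructed layout.
    for entry, reason in audit_import_path().items():
        print(f"RISKY {entry!r}: {reason}")
    print(demo())
```

A runner that calls audit_import_path() and aborts when the result is non-empty closes the hole the thread describes at the point where it matters: before the first import from an attacker-writable location.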
