On 2012-10-11 20:54, Robert Bradshaw wrote: > This isn't just Python, it's a general issue of letting your import > (including dynamic linking in C) paths be in control of a malicious > user, or executing anything in world-writeable directories in general. I actually do think it is "just Python", which is very insecure *by default*. Of course one can always mess up, but /tmp is not going to magically end up in $LD_LIBRARY_PATH by itself. In Python, /tmp might end up in sys.path by itself.
-- You received this message because you are subscribed to the Google Groups "sage-devel" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-devel?hl=en.
