#13579: test_executable security risk
-----------------------+----------------------------------------------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: new
Priority: blocker | Milestone: sage-5.5
Component: doctest | Keywords:
Work issues: | Report Upstream: N/A
Reviewers: | Authors:
Merged in: | Dependencies:
Stopgaps: |
-----------------------+----------------------------------------------------
`test_executable` runs various executables with `/tmp` as the working
directory. Since Python has the current directory (`.`) in `sys.path`, a
module planted there shadows the real one, so it is trivial for any local
user to have code executed as the user running the doctests. For example:
{{{
[eviluser@hostname ~]$ echo 'print "EVIL!!"' > /tmp/socket.py
...
[vbraun@hostname ~]$ sage -t -force_lib devel/sage/sage/tests/cmdline.py
sage -t -force_lib "devel/sage/sage/tests/cmdline.py"
**********************************************************************
File "/home/vbraun/opt/sage-5.4.beta1/devel/sage/sage/tests/cmdline.py",
line 248:
sage: print out
Expected:
1
Got:
EVIL!!
}}}
`test_executable` should securely create a private temporary directory and run
the executable from there.
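The shadowing described above and the fix the ticket asks for, as an added example that is not part of the ticket or of Sage's own `test_executable`: a constructed stand-in for a shared `/tmp` gets a planted `socket.py`, a child interpreter started there reports the planted module, while the same probe run from a fresh mode-0700 directory created with `tempfile.mkdtemp` (and, as a second mitigation, with Python's `-I` isolated mode, which is newer than the Python 2 of this ticket) sees the genuine module. The `probe_command`, `run_in` and `run_in_private_tempdir` helpers are hypothetical names chosen for this example.

```python
import os
import shutil
import stat
import subprocess
import sys
import tempfile


def probe_command(module_name, isolated=False):
    """Build a child-interpreter command that imports `module_name` and prints
    whether it got the genuine module or one planted in the working directory.
    Hypothetical probe standing in for the executables run by test_executable."""
    cmd = [sys.executable]
    if isolated:
        # -I (Python 3.4+) drops the script / current directory from sys.path,
        # so a planted module in cwd can no longer shadow the standard library.
        cmd.append("-I")
    cmd += ["-c", f"import {module_name}; "
                  f"print(getattr({module_name}, 'PLANTED', 'genuine'))"]
    return cmd


def run_in(cmd, cwd):
    """Run `cmd` with the given working directory and return its stripped stdout."""
    proc = subprocess.run(cmd, cwd=cwd, capture_output=True, text=True)
    return proc.stdout.strip()


def run_in_private_tempdir(cmd):
    """The mitigation the ticket asks for: run the command from a fresh,
    private (mode 0700) temporary directory instead of a shared /tmp."""
    workdir = tempfile.mkdtemp(prefix="test_executable_")
    try:
        st = os.stat(workdir)
        # Defensive check: refuse to run if the directory is not ours or is
        # writable by group/others (mkdtemp already guarantees both on POSIX).
        if st.st_uid != os.getuid() or (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)):
            raise RuntimeError("temporary directory %s is not private" % workdir)
        return run_in(cmd, workdir)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


def demonstrate(module_name="socket"):
    """Reproduce the shadowing and show both mitigations.
    Returns a dict of what the child interpreter saw, keyed by scenario."""
    # Constructed stand-in for a world-writable /tmp in which another user has
    # dropped socket.py; the real /tmp is not touched.
    shared = tempfile.mkdtemp(prefix="shared_tmp_")
    try:
        with open(os.path.join(shared, module_name + ".py"), "w") as f:
            f.write("PLANTED = 'EVIL!!'\n")  # constructed planted module
        return {
            "cwd_shared": run_in(probe_command(module_name), shared),
            "cwd_shared_isolated": run_in(probe_command(module_name, isolated=True), shared),
            "cwd_private": run_in_private_tempdir(probe_command(module_name)),
        }
    finally:
        shutil.rmtree(shared, ignore_errors=True)


if __name__ == "__main__":
    for scenario, seen in demonstrate().items():
        print(f"{scenario:20s} -> {seen}")
```

`mkdtemp` creates the directory with mode 0700 and a name that cannot be predicted or pre-created by another user, which is what "securely create" means here; the explicit owner and permission check is redundant on POSIX but makes the intent visible in the test harness. The `-I` flag is only a second line of defence for Python executables: the private working directory also protects non-Python programs that resolve files relative to the current directory.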
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579>
Sage <http://www.sagemath.org>