#13579: test_executable security risk
------------------------------------------------+---------------------------
       Reporter:  vbraun                        |         Owner:  mvngu
           Type:  defect                        |        Status:  needs_review
       Priority:  blocker                       |     Milestone:  sage-5.4
      Component:  doctest                       |    Resolution:
       Keywords:                                |   Work issues:
Report Upstream:  N/A                           |     Reviewers:  Volker Braun, Jeroen Demeyer
        Authors:  Jeroen Demeyer, Volker Braun  |     Merged in:
   Dependencies:                                |      Stopgaps:
------------------------------------------------+---------------------------

Comment (by vbraun):

 Well, `test_executable` doesn't just run Sage, it will run other programs
 as well. Which may or may not look at files relative to cwd, or may
 introduce such a misfeature in a future version. Or a user might just
 import the sage library into their own Python interpreter. There is only
 one way to be absolutely safe, and that is by controlling the path
 explicitly. Hence the design of my patch.

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:14>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
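
An added example, not part of the ticket and not the patch it discusses: a child Python process picks up a module from whatever directory it is started in, and pinning its working directory to a fresh private directory removes that dependency. It assumes "controlling the path explicitly" is read as pinning the child's working directory; `run_pinned`, `run_inherited`, `demo` and `planted_mod` are hypothetical names, and the planted file is constructed sample input.

```python
import os
import subprocess
import sys
import tempfile


def run_inherited(argv, cwd, timeout=60):
    """Run argv in a caller-supplied directory (what an unpinned runner does)."""
    return subprocess.run(argv, cwd=cwd, capture_output=True,
                          text=True, timeout=timeout)


def run_pinned(argv, timeout=60):
    """Run argv with cwd pinned to a fresh, empty directory.

    tempfile creates the directory accessible only to the current user,
    so nothing another account left behind can be found relative to cwd.
    """
    with tempfile.TemporaryDirectory(prefix="pinned_cwd_") as private_dir:
        return subprocess.run(argv, cwd=private_dir, capture_output=True,
                              text=True, timeout=timeout)


def demo():
    """Return (stdout with inherited cwd, return code and stderr when pinned)."""
    with tempfile.TemporaryDirectory(prefix="shared_") as shared:
        # Constructed stand-in for a file already sitting in a shared directory.
        with open(os.path.join(shared, "planted_mod.py"), "w") as f:
            f.write("print('loaded from cwd')\n")

        # `python -c` puts the current directory first on sys.path,
        # so the import below is resolved relative to cwd.
        argv = [sys.executable, "-c", "import planted_mod"]
        inherited = run_inherited(argv, shared)
        pinned = run_pinned(argv)
    return inherited.stdout.strip(), pinned.returncode, pinned.stderr


if __name__ == "__main__":
    out, rc, err = demo()
    print("inherited cwd:", out)
    print("pinned cwd: exit", rc, "-", err.strip().splitlines()[-1])
```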
