#13579: test_executable security risk
---------------------------------------------------------------+------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: needs_review
Priority: blocker | Milestone: sage-5.4
Component: doctest | Resolution:
Keywords: | Work issues:
Report Upstream: Not yet reported upstream; Will do shortly. | Reviewers: Volker Braun, Jeroen Demeyer
Authors: Jeroen Demeyer, Volker Braun | Merged in:
Dependencies: | Stopgaps:
---------------------------------------------------------------+------------
Comment (by vbraun):
CPython handles this already, cwd is not in the path if it is run
non-interactively:
{{{
[vbraun@laptop ~]$ cat /tmp/test.py
#!/usr/bin/env python
import sys
print sys.path
[vbraun@laptop ~]$ /tmp/test.py
['/tmp', '/usr/lib64/python27.zip', '/usr/lib64/python2.7', ...]
[vbraun@laptop ~]$ python /tmp/test.py
['/tmp', '/usr/lib64/python27.zip', '/usr/lib64/python2.7', ...]
[vbraun@laptop tmp]$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38)
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.path
['', '/usr/lib64/python27.zip', '/usr/lib64/python2.7', ...]
}}}
CPython doesn't check for permissions of the script directory, though
arguably you want the script directory in the path if you put the script
there in the first place.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:16>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
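
A check for the gap noted in the comment above, as an added example that is not part of the original ticket or of Sage's code: it flags import-path directories (including '' for the cwd, and a script's own directory) that other users can write to. The function names and the trusted-owner policy (root and the current user) are assumptions; it is written for Python 3 on POSIX.

```python
import os
import stat
import sys


def unsafe_path_entries(entries=None, trusted_uids=None):
    """Return [(entry, reason)] for import-path directories others can write to."""
    if entries is None:
        entries = sys.path
    if trusted_uids is None:
        # Assumed policy: only root and the invoking user may own import dirs.
        trusted_uids = {0, os.getuid()}
    findings = []
    for entry in entries:
        # '' is what the interactive interpreter puts first: it means the cwd.
        directory = os.path.realpath(entry or os.getcwd())
        try:
            st = os.stat(directory)
        except OSError:
            continue  # entries that do not exist cannot supply modules
        if not stat.S_ISDIR(st.st_mode):
            continue  # zip archives and other files are out of scope here
        # The sticky bit (as on /tmp) is deliberately ignored: it stops others
        # deleting files, not creating a new module that shadows a real one.
        if st.st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((entry, "group-writable"))
        elif st.st_uid not in trusted_uids:
            findings.append((entry, "owned by uid %d" % st.st_uid))
    return findings


def script_dir_is_safe(script):
    """Check the directory CPython would insert as sys.path[0] for this script."""
    script_dir = os.path.dirname(os.path.realpath(script))
    return not unsafe_path_entries([script_dir])


if __name__ == "__main__":
    # Audit the running interpreter's own import path.
    for entry, reason in unsafe_path_entries():
        print("%r: %s" % (entry, reason))
```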