#13579: Python sys.path security risk
-------------------------------------------------------+--------------------
       Reporter:  vbraun                               |         Owner:  mvngu
           Type:  defect                               |        Status:  positive_review
       Priority:  blocker                              |     Milestone:  sage-5.4
      Component:  doctest                              |    Resolution:
       Keywords:                                       |   Work issues:
Report Upstream:  Reported upstream. No feedback yet.  |     Reviewers:  Volker Braun, Jeroen Demeyer
        Authors:  Jeroen Demeyer, Volker Braun         |     Merged in:
   Dependencies:                                       |      Stopgaps:
-------------------------------------------------------+--------------------

Comment (by vbraun):

 Given what we learned in this ticket, I think **the only safe way to use
 `Popen` is by supplying a `cwd=` argument** with a directory that you set
 up (even if it's just `SAGE_TMP`). Perhaps with the exception of POSIX
 standard binaries like `ls` or binaries that you wrote yourself. It's a
 simple pattern, easy to communicate and enforce, and will absolutely
 prevent this kind of problem. Basically, it forces the programmer to think
 about the choice of working directory.

 Sure, you can make this whole issue more difficult to exploit by checking
 that the directory is not world-writable. But that doesn't plug the
 underlying issue.

 Also, the Sage testsuite never ran a test in a specific directory. It's
 hard to imagine how that would be portable, to start with. But in the
 hypothetical case that one would need such a functionality, it could be
 added as an optional keyword parameter to `test_executable`.

 I don't think that `test_executable` is the only dangerous function. In
 fact I'm pretty sure that there are other nuggets hidden if you manage to
 trick somebody into executing Sage in `/tmp`.

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:61>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
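
The `cwd=` pattern from the comment above, as an added example (not code from the ticket or from Sage). The helper name `run_in_private_cwd`, the module name `cwd_probe_module` and the temporary directory standing in for a shared location such as `/tmp` are assumptions made for illustration.

```python
import os
import shutil
import subprocess
import sys
import tempfile

def run_in_private_cwd(argv, **kwargs):
    """Run argv with cwd= set to a fresh directory that we created ourselves."""
    # mkdtemp() creates the directory with mode 0700: only this user can add files.
    workdir = tempfile.mkdtemp(prefix="private_cwd_")
    try:
        return subprocess.run(argv, cwd=workdir, capture_output=True,
                              text=True, **kwargs)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)

# Child process: report where (if anywhere) the named module would be loaded from.
CHILD = ("import importlib.util, sys;"
         "spec = importlib.util.find_spec(sys.argv[1]);"
         "print(spec.origin if spec else 'not found')")

def demo():
    """Compare module lookup in a child started in a shared vs. a private cwd."""
    shared = tempfile.mkdtemp(prefix="shared_")   # constructed stand-in for /tmp
    name = "cwd_probe_module"                     # hypothetical module name
    with open(os.path.join(shared, name + ".py"), "w") as f:
        f.write("# constructed placeholder, not written by the caller\n")
    argv = [sys.executable, "-c", CHILD, name]
    # Show the interpreter's default behaviour even if the caller's environment
    # already sets PYTHONSAFEPATH (Python 3.11+), which drops cwd from sys.path.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONSAFEPATH"}
    try:
        # Child inherits a directory that other users could write to:
        # "python -c" puts the working directory first on sys.path.
        inherited = subprocess.run(argv, cwd=shared, env=env,
                                   capture_output=True, text=True)
        # Same command, but the working directory is one we set up.
        private = run_in_private_cwd(argv, env=env)
    finally:
        shutil.rmtree(shared, ignore_errors=True)
    return {"inherited": inherited.stdout.strip(),
            "private": private.stdout.strip()}

if __name__ == "__main__":
    for label, origin in demo().items():
        print(f"{label:>9} cwd -> {origin}")
```

In the inherited case the child resolves the module from the working directory it was started in; with `cwd=` pointing at a directory created by the caller, the same lookup finds nothing.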
