#13631: Sage refuses to run despite safe directory
----------------------------------+-----------------------------------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: new
Priority: blocker | Milestone: sage-5.4
Component: doctest | Resolution:
Keywords: | Work issues:
Report Upstream: N/A | Reviewers:
Authors: Jeroen Demeyer | Merged in:
Dependencies: | Stopgaps:
----------------------------------+-----------------------------------------
Changes (by {'newvalue': u'Jeroen Demeyer', 'oldvalue': ''}):
* author: => Jeroen Demeyer
Old description:
> Something is wrong with the patch at #13579. This breaks the patchbot on
> Fedora:
> {{{
> (sage-sh) patchbot@volker-desktop:sage$ python -Werror -c ''
> RuntimeWarning: not adding directory '' to sys.path since it's writable
> by an untrusted group.
> Untrusted users could put files in this directory which might then be
> imported by your Python code. As a general precaution from similar
> exploits, you should not execute Python code from this directory
> (sage-sh) patchbot@volker-desktop:sage$ ls -ald .
> drwxrwxr-x. 7 patchbot patchbot 4096 Oct 20 11:24 .
> (sage-sh) patchbot@volker-desktop:sage$ umask
> 0002
> (sage-sh) patchbot@volker-desktop:sage$ groups
> patchbot
> (sage-sh) patchbot@volker-desktop:sage$ id
> uid=1001(patchbot) gid=1001(patchbot) groups=1001(patchbot)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> }}}
New description:
Something is wrong with the patch at #13579. This breaks the patchbot on
Fedora:
{{{
(sage-sh) patchbot@volker-desktop:sage$ python -Werror -c ''
RuntimeWarning: not adding directory '' to sys.path since it's writable by
an untrusted group.
Untrusted users could put files in this directory which might then be
imported by your Python code. As a general precaution from similar
exploits, you should not execute Python code from this directory
(sage-sh) patchbot@volker-desktop:sage$ ls -ald .
drwxrwxr-x. 7 patchbot patchbot 4096 Oct 20 11:24 .
(sage-sh) patchbot@volker-desktop:sage$ umask
0002
(sage-sh) patchbot@volker-desktop:sage$ groups
patchbot
(sage-sh) patchbot@volker-desktop:sage$ id
uid=1001(patchbot) gid=1001(patchbot) groups=1001(patchbot)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
}}}
Updated '''spkg''':
[http://boxen.math.washington.edu/home/jdemeyer/spkg/python-2.7.3.p2.spkg]
(diff: [attachment:python-2.7.3.p2.diff])
--
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13631#comment:8>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
