#13579: Python sys.path security risk
-------------------------------------------------------+--------------------
Reporter: vbraun | Owner: mvngu
Type: defect | Status: closed
Priority: blocker | Milestone:
sage-5.4
Component: doctest | Resolution: fixed
Keywords: | Work issues:
Report Upstream: Reported upstream. No feedback yet. | Reviewers: Volker
Braun, Jeroen Demeyer, David Roe
Authors: Jeroen Demeyer, Volker Braun | Merged in:
sage-5.4.rc2
Dependencies: | Stopgaps:
-------------------------------------------------------+--------------------
Comment (by leif):
Replying to [comment:82 vbraun]:
> You'll always be able to make doctests fail if you point `SAGE_TESTDIR`
at an ill-suited directory. Try `SAGE_TESTDIR=/proc`.
That's unrelated. It's IMHO pretty ok to have `SAGE_TESTDIR=/tmp` (or
whatever world-writable scratch directory; same for `SAGE_TMP`).
The test just shouldn't write the script into that directory, but instead
into a "safe" subdir, just where all other doctest scripts end up.
Orthogonal to the safety issue, the test could just fail because different
test instances (in this case, on different machines, but sharing the test
directory) use the same file at the same time.
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/13579#comment:83>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en.
