#15387: Problem with path security check if owned by a non-primary group
---------------------------+------------------------
Reporter: nbruin | Owner:
Type: defect | Status: new
Priority: major | Milestone: sage-6.4
Component: porting | Resolution:
Keywords: | Merged in:
Authors: | Reviewers:
Report Upstream: N/A | Work issues:
Branch: | Commit:
Dependencies: | Stopgaps:
---------------------------+------------------------
Comment (by vbraun):
I'm finding this annoying too:
{{{
$ ll -Zd .
drwxrwxr-x. vbraun vbraun unconfined_u:object_r:user_home_t:s0 .
$ sage
sys:1: RuntimeWarning: not adding directory '' to sys.path since it's
writable by an untrusted group.
Untrusted users could put files in this directory which might then be
imported by your Python code. As a general precaution from similar
exploits, you should not execute Python code from this directory
┌────────────────────────────────────────────────────────────────────┐
│ Sage Version 6.4.beta6, Release Date: 2014-10-14 │
│ Type "notebook()" for the browser-based notebook interface. │
│ Type "help()" for help. │
└────────────────────────────────────────────────────────────────────┘
}}}
--
Ticket URL: <http://trac.sagemath.org/ticket/15387#comment:12>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac.
For more options, visit https://groups.google.com/d/optout.
