#15387: Problem with path security check if owned by a non-primary group
-------------------------------------+-------------------------------------
Reporter: nbruin | Owner:
Type: defect | Status: new
Priority: major | Milestone: sage-6.4
Component: porting | Resolution:
Keywords: | Merged in:
Authors: | Reviewers:
Report Upstream: N/A | Work issues:
Branch: | Commit:
u/vbraun/problem_with_path_security_check_if_owned_by_a_non_primary_group|
df321eb4a18c73b360ba3a0c064cb7016a258820
Dependencies: | Stopgaps:
-------------------------------------+-------------------------------------
Comment (by jdemeyer):
Replying to [comment:12 vbraun]:
> I'm finding this annoying too:
> {{{
> $ ll -Zd .
> drwxrwxr-x. vbraun vbraun unconfined_u:object_r:user_home_t:s0 .
> $ sage
> sys:1: RuntimeWarning: not adding directory '' to sys.path since it's
writable by an untrusted group.
> Untrusted users could put files in this directory which might then be
imported by your Python code. As a general precaution from similar
exploits, you should not execute Python code from this directory}}}
What's your `id -a`?
--
Ticket URL: <http://trac.sagemath.org/ticket/15387#comment:15>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac.
For more options, visit https://groups.google.com/d/optout.
