[issue38985] `compile` returns the first line of file on termination

2019-12-06 Thread Serhiy Storchaka


Change by Serhiy Storchaka :


--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38985] `compile` returns the first line of file on termination

2019-12-06 Thread Christian Heimes


Christian Heimes  added the comment:

Yes, that is expected behavior.

Python is not designed for sandboxing and doesn't support sandboxing. *If* 
Python would support sandboxing, then compile() would be one of the first 
functions to go, because it allows an attacker to construct custom executable 
code.

--
nosy: +christian.heimes




[issue38985] `compile` returns the first line of file on termination

2019-12-06 Thread Karthikeyan Singaravelan


Karthikeyan Singaravelan  added the comment:

It's not necessarily the first line. The code is executed with the context of 
the given file. Hence the corresponding line number of error from traceback 
with respect to file is printed.

$ cat /tmp/passwd
line 1
line 2
line 3
line 4

$ python3 -c 'compile("\n\n\nyield", "/tmp/passwd", "exec")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/passwd", line 4
line 4
^
SyntaxError: 'yield' outside function

--
nosy: +xtreak

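The mechanism described in the comment above, as an added example that is not part of the thread or of CPython: the source line shown with a `SyntaxError` is looked up in whatever file the `filename` argument names, so a service that compiles untrusted input can give `compile()` a fixed placeholder name and quote the offending line from the submitted source instead. `compile_untrusted`, `leaked_text` and `SAFE_NAME` are hypothetical names, and the temporary file is constructed sample data.

```python
import os
import tempfile

SAFE_NAME = "<untrusted>"  # assumed placeholder; deliberately not a path on disk


def leaked_text(source, filename):
    """Behaviour from the thread: err.text is filled from `filename`."""
    try:
        compile(source, filename, "exec")
    except SyntaxError as err:
        return err.text  # line read from the named file, if readable
    return None


def compile_untrusted(source):
    """Return (code, None) on success or (None, error_report) on failure."""
    try:
        return compile(source, SAFE_NAME, "exec"), None
    except SyntaxError as err:
        lines = source.splitlines()
        lineno = err.lineno or 0
        # Quote the line from the submitted source itself, never err.text.
        shown = lines[lineno - 1] if 0 < lineno <= len(lines) else ""
        return None, f"{SAFE_NAME}:{lineno}: {err.msg}\n    {shown}"


def demo():
    """Run both paths against a constructed file standing in for sensitive data."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.txt")
        with open(path, "w") as fh:
            fh.write("line 1\nline 2\nline 3\nSECRET-LINE-4\n")
        source = "\n\n\nyield"  # same input as the comment's example
        leaked = leaked_text(source, path)
        _, report = compile_untrusted(source)
    return leaked, report


if __name__ == "__main__":
    leaked, report = demo()
    print("caller-chosen filename ->", repr(leaked))
    print("fixed placeholder name ->", report)
```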



[issue38985] `compile` returns the first line of file on termination

2019-12-06 Thread Koh


New submission from Koh :

By specifying a filename in the compile function and then improperly 
terminating it, we are able to return the first line of any file.

>>> compile('yield', '/etc/passwd', 'exec')
File "/etc/passwd", line 1
root:x:0:0:root:/root:/bin/bash
^
SyntaxError: 'yield' outside function

Is this intended behavior? I have been able to use it to escape sandboxes.

--
messages: 357906
nosy: iso
priority: normal
severity: normal
status: open
title: `compile` returns the first line of file on termination
type: security
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9
