[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.

Christian Heimes Fri, 02 Nov 2012 11:37:31 -0700

Christian Heimes added the comment:

It's gonna take a while to read this ticket ...


Some comments:
The code in site.py already does some checks, for example getuid() == 
geteuid(). System code and code that is run with administrator privileges shall 
be run with -Es to prevent code injection. See 
https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/938869 comment #24 for an 
issue.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16248] Security bug in tkinter allows for untrusted, arbitrary code execution.

Reply via email to