New submission from Hiroki Kiyohara:
Running `python` interpreter will import `readline.py` file in current
directory.
It causes unexpected code execution.
This problem is reported by 'Japan Vulnerability Notes' as a bug on
Windows version Python http://jvn.jp/jp/JVN49503705/
It says that when we run Windows version python will import `readline.pyd` file
in current directory. And it may run unexpected codes with permission assigned
to python.exe.
The line causing this problem may be...
https://github.com/python/cpython/blob/2.7/Lib/code.py#L303
Should it be considered as vulnerability of python (or Windows version python)?
--
messages: 252012
nosy: Hiroki Kiyohara
priority: normal
severity: normal
status: open
title: readline.py file in current directory caused unexpected code execution.
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6
___
Python tracker
<http://bugs.python.org/issue25288>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
