Message 252012 - Python tracker

Message252012

Author	Hiroki Kiyohara
Recipients	Hiroki Kiyohara
Date	2015-10-01.09:26:41
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za>
In-reply-to

Content
Running `python` interpreter will import `readline.py` file in current directory. It causes unexpected code execution. This problem is reported by 'Japan Vulnerability Notes' as a bug on Windows version Python http://jvn.jp/jp/JVN49503705/ It says that when we run Windows version python will import `readline.pyd` file in current directory. And it may run unexpected codes with permission assigned to python.exe. The line causing this problem may be... https://github.com/python/cpython/blob/2.7/Lib/code.py#L303 Should it be considered as vulnerability of python (or Windows version python)?

Content

Running `python` interpreter will import `readline.py` file in current directory.
It causes unexpected code execution.

This problem is reported by 'Japan Vulnerability Notes' as a bug on
Windows version Python http://jvn.jp/jp/JVN49503705/

It says that when we run Windows version python will import `readline.pyd` file in current directory. And it may run unexpected codes with permission assigned to python.exe.

The line causing this problem may be...
https://github.com/python/cpython/blob/2.7/Lib/code.py#L303


Should it be considered as vulnerability of python (or Windows version python)?

History
Date	User	Action	Args
2015-10-01 09:26:41	Hiroki Kiyohara	set	recipients: + Hiroki Kiyohara
2015-10-01 09:26:41	Hiroki Kiyohara	set	messageid: <1443691601.94.0.65090362489.issue25288@psf.upfronthosting.co.za>
2015-10-01 09:26:41	Hiroki Kiyohara	link	issue25288 messages
2015-10-01 09:26:41	Hiroki Kiyohara	create