0da69615f6
Zack Weinberg found a vulnerability in the way the exevpe() method from the os.py module uses a temporary file name. A file which supposedly should not exist is created in a unsafe way and the method tries to execute it. The objective of such code is to discover what error the operating system returns in a portable way. By exploiting this vulnerability a local attacker can execute arbitrary code with the privileges of the user running python code which uses the execvpe() method. http://python.org/sf/590294 http://python.org/sf/601077 |
||
|---|---|---|
| .. | ||
| patch-configure_in | ||
| patch-Lib_os_py | ||
| patch-Lib_tempfile_py | ||
| patch-Lib_test_test_fcntl_py | ||
| patch-Makefile_pre_in | ||
| patch-Modules_Setup_dist | ||
| patch-Python_thread_pthread_h | ||
| patch-setup_py | ||