oss-sec mailing list archives
Re: Potential symlink attack in python3 __pycache__
From: Santiago Torres <torresariass () gmail com>
Date: Mon, 26 Jul 2021 12:21:04 -0400
On Mon, Jul 26, 2021 at 06:59:30PM +0300, Georgi Guninski wrote:
thanks. python3 shell is still vulnerable from modules in the current directory, but some of them like |sys| and |os| can't be spoofed.
Is this a consequence of sys/os being special exceptions, or the fact that they are (if my memory doesn't fail me) a bunch of bindings to C so's? Thanks, -Santiago
Attachment:
signature.asc
Description:
Current thread:
- Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 24)
- Re: Potential symlink attack in python3 __pycache__ Michael Orlitzky (Jul 24)
- Re: Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Santiago Torres (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Jakub Wilk (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Georgi Guninski (Jul 26)
- Re: Potential symlink attack in python3 __pycache__ Michael Orlitzky (Jul 24)