Hi,

On Tue, June 3, 2008 18:26, Thomas Arendsen Hein wrote:
> Package: reportbug
> Version: 3.31
> Severity: grave
> Tags: security
> Justification: user security hole
>
> > sys.path = [os.curdir, '/usr/share/reportbug'] + sys.path
>
> To "exploit":
> $ echo 'raise "FOO"' > token.py
> $ reportbug
Can you explain how this is a practical user security hole? Your exploit shows how to "exploit yourself", but it seems very unlikely to me that an attacker can 1) create a file token.py 2) make sure the user is in that curdir 3) AND invoke reportbug. That seems rather contrived to me.

Thijs
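The mechanism the report describes, as an added example that is neither part of this thread nor of reportbug's own code: with os.curdir in sys.path, a file named after a standard-library module in the current directory is what the import system loads. The functions below flag cwd-relative search-path entries, build a cleaned list, and ask the import machinery which file would win, using a constructed temporary directory in place of a real current directory.

```python
import importlib
import os
import sys
import tempfile
from importlib.machinery import PathFinder


def risky_entries(search_path):
    """Return the entries that resolve relative to the process's current
    working directory: '', os.curdir and any other non-absolute path."""
    return [p for p in search_path if p == "" or not os.path.isabs(p)]


def hardened_path(search_path):
    """Drop the cwd-relative entries; absolute application directories such
    as /usr/share/reportbug are kept in their original order."""
    risky = set(risky_entries(search_path))
    return [p for p in search_path if p not in risky]


def module_origin(name, search_path):
    """Path of the file the import system would load `name` from, given
    `search_path`, without executing that file."""
    spec = PathFinder.find_spec(name, search_path)
    return None if spec is None else spec.origin


def shadow_demo(module_name="token"):
    """Constructed scenario: chdir into a temp dir holding <module_name>.py
    and compare where the module resolves with and without os.curdir on the
    path.  Returns (resolves_to_cwd_file_risky, resolves_to_cwd_file_hardened)."""
    with tempfile.TemporaryDirectory() as cwd_like:
        with open(os.path.join(cwd_like, module_name + ".py"), "w") as fh:
            fh.write("# constructed stand-in for a file planted in the cwd\n")
        old_cwd = os.getcwd()
        os.chdir(cwd_like)
        try:
            # Forget any finder cached for '.' under the previous directory
            sys.path_importer_cache.pop(os.curdir, None)
            importlib.invalidate_caches()
            risky = [os.curdir, "/usr/share/reportbug"] + sys.path  # the reported layout
            safe = hardened_path(risky)
            root = os.path.realpath(cwd_like) + os.sep

            def from_cwd(origin):
                return origin is not None and os.path.realpath(origin).startswith(root)

            return (from_cwd(module_origin(module_name, risky)),
                    from_cwd(module_origin(module_name, safe)))
        finally:
            os.chdir(old_cwd)
```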