Zachary Ware added the comment:

If I understand correctly, I think what Ramchandra is getting at is that if an attacker could manage to get a .Tk.py file into a user's home directory somehow, then the next time that user happens to do 'sudo idle', the attacker's code is executed with root privileges.
That said, I don't know that it would be any easier for an attacker to get such a file into such a place than to just do their maliciousness some other way. I think Guilherme's suggestion of just making those who need it call it themselves, instead of at every tkinter startup, sounds good.

----------
nosy: +zach.ware

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
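A defensive check for the scenario discussed in the comment above, as an added example that is not part of the original message or of CPython: it looks in a home directory for the profile files tkinter reads at startup and reports whether anyone other than the account the GUI will run as can control them. The function name, the `run_as_uid` parameter and the sample file are assumptions made for illustration.

```python
import os
import stat
import tempfile

# File names tkinter's readprofile() looks for in $HOME: ".<name>.py" and
# ".<name>.tcl" for the class name (default "Tk") and the script base name.
SUFFIXES = (".py", ".tcl")


def audit_tk_profiles(home, run_as_uid, names=("Tk",)):
    """Return [(path, [reasons])] for tkinter profile files found in `home`.

    A file gets reasons when someone other than `run_as_uid` (the uid the
    GUI will run as, e.g. 0 under sudo) can control its contents.
    """
    findings = []
    for name in names:
        for suffix in SUFFIXES:
            path = os.path.join(home, "." + name + suffix)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except FileNotFoundError:
                continue
            reasons = []
            if stat.S_ISLNK(st.st_mode):
                reasons.append("symlink")
            if st.st_uid != run_as_uid:
                reasons.append("owner uid %d differs from run-as uid %d"
                               % (st.st_uid, run_as_uid))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("group/world writable")
            findings.append((path, reasons))
    return findings


def demo():
    # Constructed sample: a throwaway "home" holding a harmless .Tk.py.
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, ".Tk.py")
        with open(path, "w") as fh:
            fh.write("# constructed sample profile\n")
        os.chmod(path, 0o666)
        as_self = audit_tk_profiles(home, os.getuid())
        as_other = audit_tk_profiles(home, os.getuid() + 1)
        return as_self, as_other


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Passing `run_as_uid=0` models the 'sudo idle' case: any profile file owned by the unprivileged user is reported, because its contents would be executed as root.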