Ramchandra Apte added the comment:

On 2 November 2012 01:48, Stefan Krah <[email protected]> wrote:

>
> Stefan Krah added the comment:
>
> Isn't IDLE supposed to be a Python shell? As I understand this issue,
> you'd have the same "exploit" by adding this to your .bashrc:
>
> echo "EXPLOIT" > /root/exploit
>
>
> Then, as a normal user, run:
>
> sudo bash
>
>
>
> It would be nice to get rid of the exec, but why is this an exploit?
>
> ----------
> nosy: +skrah
>
> _______________________________________
> Python tracker <[email protected]>
> <http://bugs.python.org/issue16248>
> _______________________________________
>

Almost nobody knows that when using tkinter, code in .Tk.py is executed.
(readprofile is not even documented!)
While in your example, it is quite easy to see that it will run .bashrc.

----------

_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue16248>
_______________________________________
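
The behaviour discussed in this message, as an added example that is not part of the original thread or of CPython: a defender-side audit listing the per-user profile files that tkinter's `readprofile` would load from a home directory. The file-name patterns (`.<className>.tcl`, `.<className>.py`, then the same for the base name) are taken from CPython's tkinter source, not from this thread; the function names, the `base_name` argument and the report fields are hypothetical.

```python
import os
import stat
import sys


def tk_profile_candidates(home, base_name, class_name="Tk"):
    """Paths readprofile looks for, in load order (class name first)."""
    paths = []
    for name in (class_name, base_name):
        for ext in ("tcl", "py"):
            path = os.path.join(home, ".%s.%s" % (name, ext))
            if path not in paths:  # class and base name may coincide
                paths.append(path)
    return paths


def audit_tk_profiles(home, base_name, class_name="Tk"):
    """Report every existing profile file and who is able to modify it."""
    findings = []
    for path in tk_profile_candidates(home, base_name, class_name):
        if not os.path.isfile(path):
            continue
        st = os.stat(path)
        findings.append({
            "path": path,
            # .py files are exec'd by Python, .tcl files are sourced by Tcl
            "kind": "exec" if path.endswith(".py") else "tcl source",
            "owner_uid": st.st_uid,
            # True when the process user differs from the file owner,
            # e.g. a root process reading an unprivileged user's HOME
            "foreign_owner": st.st_uid != os.geteuid(),
            "writable_by_others": bool(
                st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
        })
    return findings


if __name__ == "__main__":
    # Assumption: the base name is the program name without its extension.
    home = os.environ.get("HOME", os.curdir)
    base = os.path.splitext(os.path.basename(sys.argv[0]))[0]
    for finding in audit_tk_profiles(home, base):
        print(finding)
```
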