[Twisted-Python] Question regarding widgets

Moshe Zadka twisted at moshez.org
Wed Nov 6 01:31:09 EST 2002

On Wed, 06 Nov 2002, Steve Waterbury <waterbug at beeblebrox.gsfc.nasa.gov> wrote:

> How is having "." on your PYTHONPATH a serious security hole?  
> (Of course it shouldn't be on _root_'s PYTHONPATH, but how is 
> it bad for a regular user?)  

What if you run a Python program from /tmp? One of those smart programs
which do something like

try:
   import gtk
except ImportError:
   gtk = None

What if some malicious user put a gtk.py in /tmp which does something like
os.chmod(os.path.expanduser("~/.secret"), 0777)

And to top it all, assume gtk is, indeed, not installed on this system.
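
An added example, not part of the original message: a POSIX-only audit of import-path entries for the condition described above, namely a relative entry such as "." or a directory that other users can write to. The names `risky_path_entries` and `demo` and the temporary directories are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def risky_path_entries(entries, cwd=None):
    """Return (entry, reason) pairs for import-path entries where another
    local user could plant a module such as the gtk.py described above."""
    cwd = cwd or os.getcwd()
    findings = []
    for entry in entries:
        resolved = entry
        if not os.path.isabs(entry):
            # "", "." and other relative entries follow the working directory,
            # so running from /tmp searches /tmp for modules.
            findings.append((entry, "relative to current directory"))
            resolved = os.path.join(cwd, entry)
        try:
            st = os.stat(resolved)
        except OSError:
            continue  # entry does not exist right now
        if not stat.S_ISDIR(st.st_mode):
            continue  # e.g. a zip archive; not covered by this check
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit on /tmp does not stop others creating new files.
            findings.append((entry, "directory is world-writable"))
        elif st.st_uid not in (0, os.getuid()):
            findings.append((entry, "directory owned by another user"))
    return findings


def demo():
    """Constructed sample: a /tmp-like shared directory and a private one."""
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")
        private = os.path.join(base, "private")
        os.mkdir(shared)
        os.mkdir(private)
        os.chmod(shared, 0o1777)   # same mode as a typical /tmp
        os.chmod(private, 0o700)
        return risky_path_entries([".", shared, private], cwd=shared)


if __name__ == "__main__":
    for entry, reason in risky_path_entries(sys.path):
        print(f"{entry!r}: {reason}")
```

Run as a script, it reports on the interpreter's own `sys.path`; an empty result means no entry is relative, world-writable, or owned by another non-root user.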
