"I am only an egg." - 22nd October 2008

"I am only an egg." - 22nd October 2008

Valery V. Vorotyntsev

[	userinfo	\|	livejournal userinfo	]
[	archive	\|	journal archive	]

Links

[

Links:

reader delicious lastfm wishlist yubnub

]

October 22nd, 2008

import sys; sys.path.remove('')

[Oct. 22nd, 2008|05:00 pm]

[

Tags

debian, emacs, english, python, security

]

CVE-2008-3949:

Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

See Debian bug #499568.

Python's import from current working directory considered harmful?..

Link

Advertisement