Jeroen Demeyer added the comment: I should point out that there is also dangerous code in Lib/test/test_subprocess.py in the test_cwd() function. There, the following is executed from /tmp:
python -c 'import sys,os; sys.stdout.write(os.getcwd())' As Python luckily knows where to import sys and os from, this doesn't seem exploitable, but it should be fixed. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue16202> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com