Ramchandra Apte added the comment: I made many mistakes in the original bug report. Here is a fixed one:
Because Lib/tkinter/__init__.py:1801 uses exec to execute code from a file, it has a security bug. It searches for the file in the home dir. Apparently, on my system, the $HOME variable is the same as the non-root one when running Python with root privileges using sudo. Steps to reproduce: create a file called .Tk.py in your home folder Whatever code is in that file will be executed. run these three lines of code in Python using sudo: import tkinter w = tkinter.Tk() And the code in the .Tk.py will be executed (unless if you change the baseName for the Tk object) There may be similar ways of running Python with root privileges preserving the environment variables in other OS'es Using Kubuntu Linux (variant of Ubuntu Linux) 12.04 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue16248> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
