looks like this is a won't fix ...
** Changed in: python2.7 (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1529857
Title:
can you give me an example where one can use it to do something bad and
doesn't have access to root already?
"exploit" demo is funny, though :)
Here's another one: `su root -c 'echo foo'` ;)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Another nice find Bernd, but package names are restricted to include
only:
lower case letters (a-z), digits (0-9), plus (+) and minus (-) signs,
and periods (.). They must be at least two characters long and must
start with an alphanumeric character.
4 matches
Mail list logo