Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YP7g8GUPcY+UJpg8@LykOS.localdomain>
Date: Mon, 26 Jul 2021 12:21:04 -0400
From: Santiago Torres <torresariass@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Potential symlink attack in python3 __pycache__

On Mon, Jul 26, 2021 at 06:59:30PM +0300, Georgi Guninski wrote:
> thanks.
> python3 shell is still vulnerable from modules in the current
> directory, but some of them like |sys| and |os| can't be spoofed.

Is this a consequence of sys/os being special exceptions, or the fact
that they are (if my memory doesn't fail me) a bunch of bindings to C
so's? 

Thanks,
-Santiago

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.