Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 59b2a74c752578cb67b02b6966f283fd049f646a
commit59b2a74c752578cb67b02b6966f283fd049f646a[log] [tgz]
authorGuido van Rossum <guido@python.org>Fri May 31 21:12:53 2002 +0000
committerGuido van Rossum <guido@python.org>Fri May 31 21:12:53 2002 +0000
tree0d22cefbca493f99f939e16753be892069b2ef94
parent9788384d02a21982bbbdfc97dc95d5502bad1f42 [diff]
SF bug 533625 (Armin Rigo). rexec: potential security hole

If a rexec instance allows writing in the current directory (a common
thing to do), there's a way to execute bogus bytecode.  Fix this by
not allowing imports from .pyc files (in a way that allows a site to
configure things so that .pyc files *are* allowed, if writing is not
allowed).

I'll apply this to 2.2 and 2.1 too.
2 files changed
tree: 0d22cefbca493f99f939e16753be892069b2ef94
  1. Demo/
  2. Doc/
  3. Grammar/
  4. Include/
  5. Lib/
  6. Mac/
  7. Misc/
  8. Modules/
  9. Objects/
  10. Parser/
  11. PC/
  12. PCbuild/
  13. Python/
  14. RISCOS/
  15. Tools/
  16. .cvsignore
  17. .hgtags
  18. configure
  19. configure.in
  20. install-sh
  21. LICENSE
  22. Makefile.pre.in
  23. PLAN.txt
  24. pyconfig.h.in
  25. README
  26. setup.py