[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oss-security] ipython3 may execute code from the current working directory



Summary: under certain circumstances, ipython3 may execute
code from the current working directory. This might be a
problem if the current working directory is not trusted.

python3 is safe.

Tested on ubuntu 20.

The following session illustrates it:

joro@bialokote:~/tests/dir2$ pwd
/home/joro/tests/dir2
joro@bialokote:~/tests/dir2$ ipython3 --version
7.13.0
joro@bialokote:~/tests/dir2$ ls ~/tests/dir1
a.py  joro-orig.py  __pycache__
joro@bialokote:~/tests/dir2$ ls ~/tests/dir2
joro.py  __pycache__
joro@bialokote:~/tests/dir2$ cat ~/tests/dir1/a.py
try:  import joro
except:  print("error in import")
joro@bialokote:~/tests/dir2$ cat ~/tests/dir2/joro.py
print("imported joro :)")
joro@bialokote:~/tests/dir2$ ipython3 ~/tests/dir1/a.py
imported joro :)
joro@bialokote:~/tests/dir2$