[BUG] loads Python modules from cwd #167

Closed
daissi opened this issue Jul 10, 2020 · 2 comments
@daissi
Contributor

daissi commented Jul 10, 2020

Forward of another Debian security bug report by Jakub Wilk
(This is similar to #161, but less severe.)

Describe the bug

bashtop runs

python3 -c "import psutil"

to check if the psutil module is available.

But when you use -c, Python adds the current working directory to the
module search path¹. As a consequence, you can't run bashtop securely when
your cwd is untrusted (e.g. /tmp).

I suggest changing the command in question to:

(cd / && python3 -c "import psutil")

¹ https://docs.python.org/3/using/cmdline.html#cmdoption-c

@daissi daissi added the bug Something isn't working label Jul 10, 2020
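
An added example, not bashtop's own code and not part of the report: a shell regression check that compares the probe described above with the suggested `cd /` form. The function names, the decoy module and the `-I` variant are assumptions introduced here for illustration.

```shell
#!/bin/sh
# Three ways a shell script can probe for a Python module ($1 = module name).

# As in the report: with -c, sys.path[0] is '' (the cwd), so <module>.py in
# the cwd satisfies the import and its top-level code runs.
probe_from_cwd() { python3 -c "import $1" 2>/dev/null; }

# As suggested in the report: run the probe from / in a subshell.
probe_from_root() { (cd / && python3 -c "import $1") 2>/dev/null; }

# Alternative (assumption, not in the report): isolated mode, Python 3.4+.
# -I drops the cwd entry and PYTHON* variables, but also the user
# site-packages, so a module installed with `pip install --user` is not found.
probe_isolated() { python3 -I -c "import $1" 2>/dev/null; }

# Regression check for a probe function ($1). In a scratch directory it places
# a constructed decoy module whose only effect is to create a marker file, runs
# the probe there, and prints "cwd" if the decoy was imported, else "clean".
# The body is a subshell, so variables and the cd do not leak to the caller.
check_probe() (
    mod="decoy_mod_$$"
    dir=$(mktemp -d) || exit 2
    printf 'open("%s/marker", "w").close()\n' "$dir" > "$dir/$mod.py"
    (cd "$dir" && "$1" "$mod") || true   # import failure is expected for safe probes
    if [ -e "$dir/marker" ]; then result=cwd; else result=clean; fi
    rm -rf "$dir"
    echo "$result"
)

# Stand-alone run: report the outcome for each probe.
if command -v python3 >/dev/null 2>&1; then
    for probe in probe_from_cwd probe_from_root probe_isolated; do
        printf '%-16s %s\n' "$probe" "$(check_probe "$probe")"
    done
fi
```

A check like this can run in CI against whatever probe a script actually uses, so a later refactor that drops the `cd /` is caught.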
@aristocratos
Owner

Will fix in next update.

@aristocratos
Owner

Fixed in v0.9.22
