You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
But when you use -c, Python adds the current working directory to the
module search path¹. As consequence, you can't run bashtop securely when
your cwd is untrusted (e.g. /tmp).
Forward of another Debian security bug report by Jakub Wilk
(This is similar to #161, but less severe.)
Describe the bug
bashtop runs
python3 -c "import psutil"
to check if the psutil module is available.
But when you use -c, Python adds the current working directory to the
module search path¹. As consequence, you can't run bashtop securely when
your cwd is untrusted (e.g. /tmp).
I suggest changing the command in question to:
(cd / && python3 -c "import psutil")
¹ https://docs.python.org/3/using/cmdline.html#cmdoption-c
The text was updated successfully, but these errors were encountered: