GNOME Bugzilla – Bug 569226
gedit: untrusted python modules search path
Last modified: 2009-02-02 14:30:58 UTC
+++ This bug was initially created as a clone of Bug #569214 +++ (From Jan Lieskovsky, https://bugzilla.redhat.com/show_bug.cgi?id=481556) "Untrusted search path vulnerability in gedit's Python module allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. References: http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html Debian bug report for similar eog issue: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352#4 Proposed patch: Not sure, if gedi'ts upstream has been reported about this issue. The Debian patch for similar eog's Python related issue, available at: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=02_sanitize_sys.path.patch;att=1;bug=504352 should be sufficient to resolve this issue." There's no CVE assigned yet, but one has been requested. The security severity is considered "low".
Created attachment 127299 [details] [review] Fix the search path vulnerability Patch based on Ray Strode's gedit patch here: http://bugzilla.gnome.org/show_bug.cgi?id=569214#c5 Tested to work with his test case, which previously successfully exploited the vulnerability in Totem. Should we also commit this to gnome-2-24?
Bug in Python really, won't be working around it.