[dia] Bug #581177 - work around Python's untrusted search path vulnerability



commit f65009acefcde9b786fe9dab46a3ad044ce3a295
Author: Hans Breuer <hans breuer org>
Date:   Sat May 23 10:27:08 2009 +0200

    Bug #581177 - work around Python's untrusted search path vulnerability
---
 plug-ins/python/python.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/plug-ins/python/python.c b/plug-ins/python/python.c
index f207c18..f27ab17 100644
--- a/plug-ins/python/python.c
+++ b/plug-ins/python/python.c
@@ -102,6 +102,8 @@ dia_plugin_init(PluginInfo *info)
     Py_Initialize();
 
     PySys_SetArgv(1, python_argv);
+    /* Sanitize sys.path */
+    PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
 
     if (on_error_report())
 	return DIA_PLUGIN_INIT_ERROR;
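Review bot: The result of `PyRun_SimpleString` on the added line is discarded, so if the statement fails the plug-in keeps initializing with the unsanitized `sys.path`; that call reports an exception only through its -1 return, and the `on_error_report()` check below may not see it (its body is not visible here). I would fail closed with `if (PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)") != 0) return DIA_PLUGIN_INIT_ERROR;`. The comment could also state the reason, for example `/* PySys_SetArgv() can add an empty entry to sys.path, which makes imports search the current directory; drop empty entries */`. Note that `filter(None, ...)` removes only empty strings and yields a list only on Python 2, so other relative entries stay; where the embedded Python provides it, `PySys_SetArgvEx(1, python_argv, 0)` avoids the path update altogether. dia_plugin_init starts and ends outside the hunk.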


