[Python-modules-team] Bug#915803: pytest: insecure use of /tmp
Jakub Wilk
jwilk at jwilk.net
Thu Dec 6 21:48:58 GMT 2018
Source: pytest
Version: 3.10.1-1
Tags: security

The "tmpdir" fixture[*] uses /tmp/pytest-of-$USER/ as a temporary
directory, even when this directory already exists and is owned by
another (potentially malicious) user:

$ ls -ld /tmp/pytest-of-jwilk/
drwxrwxrwx 2 mallory mallory 40 Dec 6 22:29 /tmp/pytest-of-jwilk/
$ echo 'def test_foo(tmpdir): pass' > test.py
$ python3 -m pytest -q test.py
. [100%]
1 passed in 0.05 seconds
$ ls -alr /tmp/pytest-of-jwilk
total 0
lrwxrwxrwx 1 jwilk jwilk 29 Dec 6 22:30 pytest-current -> /tmp/pytest-of-jwilk/pytest-0
drwx------ 3 jwilk jwilk 80 Dec 6 22:30 pytest-0
drwxrwxrwt 11 root root 340 Dec 6 22:30 ..
drwxrwxrwx 3 mallory mallory 80 Dec 6 22:30 .

[*] https://docs.pytest.org/en/3.10.1/tmpdir.html#the-tmpdir-fixture

--
Jakub Wilk
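
The check the report shows to be missing, as an added example (not part of the original message and not pytest's own code): before reusing a per-user directory under a shared /tmp, verify that it is a real directory, owned by the calling user, with no group/other access. The names ensure_private_dir, UnsafeTempDir and demo are hypothetical, the directories are constructed in a scratch location, and the foreign owner is simulated by passing a different expected uid.

```python
import os
import stat
import tempfile


class UnsafeTempDir(Exception):
    """The per-user temporary directory cannot be trusted."""


def ensure_private_dir(path, uid=None):
    """Create path as 0700, or verify an existing one is a private real dir."""
    uid = os.getuid() if uid is None else uid
    try:
        os.mkdir(path, 0o700)  # fails if anything already exists at path
    except FileExistsError:
        pass  # pre-existing entry: it must pass the checks below
    st = os.lstat(path)  # lstat so a planted symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeTempDir(f"{path}: not a directory")
    if st.st_uid != uid:
        raise UnsafeTempDir(f"{path}: owned by uid {st.st_uid}, not {uid}")
    if st.st_mode & 0o077:
        raise UnsafeTempDir(f"{path}: mode {stat.S_IMODE(st.st_mode):04o}")
    return path


def demo():
    """Check constructed directories in a scratch base (stand-in for /tmp)."""
    base = tempfile.mkdtemp()
    fresh = os.path.join(base, "pytest-of-alice")
    loose = os.path.join(base, "pytest-of-bob")
    link = os.path.join(base, "pytest-of-carol")
    os.mkdir(loose)
    os.chmod(loose, 0o777)  # like the drwxrwxrwx directory in the report
    os.symlink(loose, link)
    cases = [("fresh", fresh, None), ("world_writable", loose, None),
             ("symlink", link, None), ("foreign_owner", fresh, os.getuid() + 1)]
    out = {}
    for name, path, uid in cases:
        try:
            ensure_private_dir(path, uid)
            out[name] = "ok"
        except UnsafeTempDir:
            out[name] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

The verification only holds if the parent directory is sticky, as /tmp is in the listing above (drwxrwxrwt), so that other users cannot rename or replace the directory after it has been checked.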