Showing content from http://mail.python.org/pipermail/python-dev/2008-November/083630.html below:

[Python-Dev] CVE tracking

Gisle Aas gisle at activestate.com
Thu Nov 20 18:37:37 CET 2008
Perl had a few CVEs because of its rmtree implementation.  Removing
trees is risky business if root runs the function while other users
have access to manipulate the tree.  Python's shutil.rmtree seems to
have many of the same issues.

For instance, http://bugs.debian.org/286922 shows how to get root to
remove /etc/passwd.  The attack should work with shutil.rmtree as
well.  The referenced bug is a followup to CVE-2005-0448.

This is just to show that there are relevant CVEs that don't have the
keyword "python" attached to them.
--Gisle
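
An added example, not part of the message above and not Python's own shutil code: a tree removal that resolves every entry relative to an open directory descriptor and refuses to follow symlinks, which is the property a path-based rmtree lacks when another user can modify the tree. It assumes a POSIX system and Python 3.3+ (`dir_fd` support); `safe_rmtree` and `demo` are hypothetical names, and the tree in `demo` is constructed.

```python
import os
import stat
import tempfile

def safe_rmtree(name, parent_fd=None):
    """Remove directory `name` (resolved relative to parent_fd) without
    following symlinks. Only the final path component is protected, so the
    caller must trust the directories leading to a top-level `name`."""
    # O_NOFOLLOW makes open() fail if `name` is, or was swapped for, a symlink.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(name, flags, dir_fd=parent_fd)
    try:
        for entry in os.listdir(fd):
            # Every operation below is relative to the fd we hold, never a path
            # that is re-resolved from the root.
            st = os.stat(entry, dir_fd=fd, follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                safe_rmtree(entry, parent_fd=fd)  # fails closed if swapped
            else:
                os.unlink(entry, dir_fd=fd)       # removes a link, not its target
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=parent_fd)

def demo():
    """Constructed scenario: the tree holds a symlink to a directory outside it."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside")   # stands in for /etc
        os.mkdir(outside)
        sentinel = os.path.join(outside, "passwd")
        open(sentinel, "w").close()
        tree = os.path.join(base, "tree")
        os.makedirs(os.path.join(tree, "sub"))
        open(os.path.join(tree, "sub", "file"), "w").close()
        os.symlink(outside, os.path.join(tree, "link"))
        safe_rmtree(tree)
        tree_gone = not os.path.lexists(tree)
        # A top-level path that is itself a symlink is refused, not followed.
        alias = os.path.join(base, "alias")
        os.symlink(outside, alias)
        try:
            safe_rmtree(alias)
            refused = False
        except OSError:
            refused = True
        return tree_gone, refused, os.path.exists(sentinel)

if __name__ == "__main__":
    print(demo())
```

Since Python 3.3, `shutil.rmtree` uses a descriptor-based variant on platforms that support it; `shutil.rmtree.avoids_symlink_attacks` reports whether the running interpreter has it.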
