sys.executable is sometimes wrong #124241
Comments
I can confirm first behaviour:
But not the second:
Could you, please, show us output of Anyway, this seems to be documented: "If Python is unable to retrieve the real path to its executable, sys.executable will be an empty string or None." Meanwhile, I'll relabel your issue as a feature request.
@skirpichev, maybe this is a permissions issue? I'm on a root user, and I was able to reproduce the second behavior. Running the following on my results in
Interestingly, running it with a path that doesn't exist results in a fatal error:
Injection of arbitrary files into
Maybe PATH settings? That does work for me and doesn't look right:
Edit: Perhaps, this should be mentioned somehow in docs.
I doubt you can do too much with this mechanism. Unless there are other options to override arg0. There are e.g. various exec*() calls in POSIX, but it's essentially the same. Yes, you can abuse the mechanism for yourself (regardless of your rights), but what do you gain? I doubt this will be a security issue without a decent part of social engineering ;)
I could see it being a problem for applications that use It's not a terrible vulnerability, but e.g. a user on a Linux machine owned by their company could use it to mess with whatever software the employer has installed to their computer. (Kind of a bad example, but you get the general idea.)
But what evil could you do with this, assuming you can point sys.executable to an arbitrary file? Company software will execute one? Wait, but that means that someone else put some file in the system, that you already can run (suitable permissions, including executable bit). Then why not run it directly?
Possibly, I'm just speculating 😃 Regardless, this is a bug. I think we should try to stop
I don't know universal ways to do so. E.g. on Linux (and I think BSD nowadays), you can use /proc//exe symlink.
Me neither. But I'm not too sure who to CC on this. I guess if this only affects Linux then
No, I think it should affect any system with POSIX exec*() functions, for example.
Bug report
Bug description:
On Linux, sys.executable is determined using argv[0], and trying to find that in the PATH. This presumes that the Python interpreter has been started by a shell that interprets PATH in the canonical way. There is no guarantee that this happens at all, so sys.executable may point to something completely different, or is even the empty string.
As an example:
should output the path of the Python executable, but simply outputs nothing.
Even worse, one can make Python output a wrong executable, as in
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
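Added example, not part of the issue thread or CPython's own code: a Linux-only check that compares sys.executable with the /proc/self/exe symlink mentioned in the comments, for applications that re-launch the interpreter through sys.executable. The function names and the argv[0] values used in the demo are constructed for illustration.

```python
import json
import os
import subprocess
import sys

PROC_EXE = "/proc/self/exe"  # Linux-only: the kernel's record of the running binary


def kernel_exe():
    """Path of the binary actually executing, or None where /proc is absent."""
    try:
        return os.readlink(PROC_EXE)
    except OSError:
        return None


def classify(claimed, actual):
    """Compare a sys.executable value against the kernel-reported binary."""
    if not claimed:
        return "unset"         # empty string or None, as the docs allow
    if actual is None:
        return "unverifiable"  # no /proc entry to check against
    try:
        same = os.path.samefile(claimed, actual)  # follows symlinks
    except OSError:
        return "mismatch"      # claimed path does not exist
    return "ok" if same else "mismatch"


def probe_child(argv0, real):
    """Run `real` with a caller-chosen argv[0]; return what the child sees."""
    code = ("import json, os, sys; print(json.dumps("
            "[sys.executable, os.readlink('/proc/self/exe')]))")
    proc = subprocess.run([argv0, "-c", code], executable=real,
                          capture_output=True, text=True)
    if proc.returncode != 0:   # interpreter could not initialise
        return None
    return json.loads(proc.stdout)


if __name__ == "__main__":
    real = kernel_exe() or sys.executable
    for argv0 in (real, "sh"):  # constructed argv[0] values
        seen = probe_child(argv0, real)
        verdict = classify(*seen) if seen else "child failed to start"
        print(f"argv[0]={argv0!r}: {seen} -> {verdict}")
```

A caller that gets anything other than "ok" can re-launch using the path from kernel_exe() instead of sys.executable.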