Posted by Georgi Guninski on Jul 26
Potential symlink attack in python3 __pycache__
Not sure if this is vulnerability, but it looks like
classical symlink attack.
In python3, if a script in directory DIR1 does “import another”,
then python3 creates directory __pycache__ in DIR1 and puts
some files in __pycache__.
According to our tests, if DIR1/__pycache__ is symlink to something,
then python3 follows the symlink.
We suspect the attacker has little to no control on…
– Read More – Full Disclosure