##// END OF EJS Templates
Fix CVE-2023-24816 by removing legacy code....
Fix CVE-2023-24816 by removing legacy code. Remove legacy code that might trigger a CVE. Currently set_term_title is only called with (semi-)trusted input that contain the current working directory of the current IPython session. If an attacker can control directory names, and manage to get a user cd into this directory the attacker can execute arbitrary commands contained in the folder names. Example: - On a windows machine where python is built without _ctypes, create a folder called && echo "pwn" > pwn.txt. This can be done by for example cloning a git repository. - call toggled_set_term_title(True), (or have the preference to true) - Open IPython and cd into this directory. - the folder now contain a pwn.txt, with pwn as content, despite the user not asking for any code execution. Workaround: Set the configuration option c.TerminalInteractiveShell.term_title_format='IPython' (or to any other fixed, safe string).
Konstantin Weddige -
r28089:991849c2
Show More
Name Size Modified Last Commit Author
/ IPython / core
magics
profile
tests
__init__.py Loading ...
alias.py Loading ...
application.py Loading ...
async_helpers.py Loading ...
autocall.py Loading ...
builtin_trap.py Loading ...
compilerop.py Loading ...
completer.py Loading ...
completerlib.py Loading ...
crashhandler.py Loading ...
debugger.py Loading ...
display.py Loading ...
display_functions.py Loading ...
display_trap.py Loading ...
displayhook.py Loading ...
displaypub.py Loading ...
error.py Loading ...
events.py Loading ...
excolors.py Loading ...
extensions.py Loading ...
formatters.py Loading ...
getipython.py Loading ...
guarded_eval.py Loading ...
history.py Loading ...
historyapp.py Loading ...
hooks.py Loading ...
inputsplitter.py Loading ...
inputtransformer.py Loading ...
inputtransformer2.py Loading ...
interactiveshell.py Loading ...
latex_symbols.py Loading ...
logger.py Loading ...
macro.py Loading ...
magic.py Loading ...
magic_arguments.py Loading ...
oinspect.py Loading ...
page.py Loading ...
payload.py Loading ...
payloadpage.py Loading ...
prefilter.py Loading ...
profileapp.py Loading ...
profiledir.py Loading ...
prompts.py Loading ...
pylabtools.py Loading ...
release.py Loading ...
shellapp.py Loading ...
splitinput.py Loading ...
ultratb.py Loading ...
usage.py Loading ...