sagenb.org has strange permissions at least in /tmp

In a notebook on sagenb.org:

os.system("id")
uid=1168(sagenbws) gid=1168(sagenbws) groups=1168(sagenbws)
os.system("cat /tmp/tmpzxlnwt/___code___.py") #someone's code
os.system("find /tmp -type f -user sagenbws -ls 2>/dev/null") #sagenbws is us
1615059    4 -rw-r--r--   1 sagenbws sagenbws      568 Dec  5 13:32 /tmp/tmp0uWxta/___code___.py
 ...
WARNING: Output truncated!

Since system commands are supported one can use the notebook as a proxy or send email.

If one starts the notebook from sage via notebook(), the user id is the user running sage, so anyone who can log in to the notebook in this case can execute system commands as the user running sage (by default, creating accounts appears disabled to me in this case).
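An added audit check, not code from the post or from Sage, that makes the permission issue above concrete for an operator: it lists worksheet files under a directory that another local account could read (readable bits on the file and a searchable chain of directories to it, since a 0700 parent already shields a 644 file) and tightens the flagged ones to owner-only. The file name ___code___.py and the owner-uid check follow the post; the directory layout built in demo() is constructed.

```python
import os
import stat
import tempfile
from pathlib import Path
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH      # file readable beyond its owner
OTHERS_SEARCH = stat.S_IXGRP | stat.S_IXOTH    # directory traversable beyond its owner

def parents_open(root, dirpath):
    """True if every directory from root down to dirpath is searchable by group/other."""
    p, rootp = Path(dirpath), Path(root)
    while True:
        if not p.stat().st_mode & OTHERS_SEARCH:
            return False
        if p == rootp or p == p.parent:
            return True
        p = p.parent

def exposed_worksheet_files(root, owner_uid, name="___code___.py"):
    """Paths of `name` under root, owned by owner_uid, that another local account can read."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        if name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid
                    and st.st_mode & OTHERS_READ and parents_open(root, dirpath)):
                found.append(path)
    return sorted(found)

def harden(path):
    """Owner-only read/write; returns the resulting permission bits (0o600)."""
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Constructed stand-in for /tmp: three worksheet dirs with different permission mixes."""
    base = tempfile.mkdtemp(); os.chmod(base, 0o1777)   # world-writable + sticky, like /tmp
    layout = {"a": (0o755, 0o644),             # open dir, readable file -> exposed
              "b": (0o700, 0o644),             # private dir shields the file
              "c": (0o755, 0o600)}             # open dir, owner-only file
    for label, (dmode, fmode) in layout.items():
        d = os.path.join(base, label); os.mkdir(d)
        f = os.path.join(d, "___code___.py")
        Path(f).write_text("# constructed worksheet cell\n")
        os.chmod(f, fmode)
        os.chmod(d, dmode)
    before = [os.path.relpath(p, base) for p in exposed_worksheet_files(base, os.getuid())]
    modes = [harden(os.path.join(base, p)) for p in before]
    after = exposed_worksheet_files(base, os.getuid())
    return {"exposed": before, "hardened_modes": modes, "after_harden": after}
```

Run against the real directory with exposed_worksheet_files("/tmp", uid_of_the_service_account) to see what a co-tenant of that uid could have read.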