# Library Hijacking

* [Article](https://medium.com/analytics-vidhya/python-library-hijacking-on-linux-with-examples-a31e6a9860c8)

## Interpreter might be called invoking sudo 
* Write into a library called inside the script

## Path call order of packages
* Order of paths which are invoked to find packages may be found via
```sh
python -c 'import sys; print("\n".join(sys.path))'
```
* Higher order directory on a path may have write permission. Insert a similar named package that gets called in the script.
* The highest order is `pwd`

## Redirecting PYTHONPATH 
* `SETENV` may be set while loading script through `sudo`
```sh
sudo PYTHONPATH=/tmp/ /usr/bin/python3.6 <script.py>
```