23 lines
693 B
Markdown
23 lines
693 B
Markdown
# Library Hijacking
|
|
|
|
* [Article](https://medium.com/analytics-vidhya/python-library-hijacking-on-linux-with-examples-a31e6a9860c8)
|
|
|
|
## Interpreter might be called invoking sudo
|
|
* Write into a library called inside the script
|
|
|
|
## Path call order of packages
|
|
* Order of paths which are invoked to find packages may be found via
|
|
```sh
|
|
python -c 'import sys; print("\n".join(sys.path))'
|
|
```
|
|
* Higher order directory on a path may have write permission. Insert a similar named package that gets called in the script.
|
|
* The highest order is `pwd`
|
|
|
|
## Redirecting PYTHONPATH
|
|
* `SETENV` may be set while loading script through `sudo`
|
|
```sh
|
|
sudo PYTHONPATH=/tmp/ /usr/bin/python3.6 <script.py>
|
|
```
|
|
|
|
|