A potential security risk associated with importing modules in Python has been highlighted by proposed nobugs. The import function in Python allows external scripts to be loaded into a programme, and these scripts could be modified by an attacker to execute unintended code.
This becomes a significant vulnerability when a high-privileged account runs Python code as a scheduled task or via crontab, as an attacker could exploit this to gain elevated permissions.
The directory containing the input script and PYTHONPATH are the two areas of particular risk where an attacker with sufficient permissions could place an file to intercept a module load.
To mitigate this risk, users should ensure correct directory permissions are set and that PYTHONPATH is restricted and carefully monitored.
This article is intended to demonstrate explicit penetration testing and red teaming, and users are urged to follow best practices and adhere to appropriate licensing when using code inline.