/usr/bin/eyeD3 depends on PATH to find python, crashes with ImportError
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eyed3 (Debian) |
Fix Released
|
Unknown
|
|||
eyed3 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
/usr/bin/eyeD3 is a python script which starts with
#!/usr/bin/env python
but instead should hard-code the path where Ubuntu installed the version of python which has eyeD3's companion libraries:
#!
Depending on PATH leads to disaster if multiple python executables are installed and anything other than the system default is first in PATH. The problem is that eyeD3 depends on its own app-specific libraries, and each python installation uses its own separate library directories. So if the "wrong" python interpreter is used, the expected libraries will not be found. This causes the eye3D program to crash with
ImportError: No module named eyeD3
In particular, if a Libre Office test build is installed and /opt/libreoffic
This is also a security risk because a script named "python" will be executed without the user's knowledge if "." is in PATH before /usr/bin
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: eyed3 0.6.18-1
ProcVersionSign
Uname: Linux 3.8.0-29-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.3
Architecture: amd64
Date: Tue Sep 3 16:47:18 2013
InstallationDate: Installed on 2013-08-06 (28 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MarkForUpload: True
PackageArchitec
SourcePackage: eyed3
UpgradeStatus: No upgrade log present (probably fresh install)
CVE References
Changed in eyed3 (Debian): | |
status: | Unknown → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.