Message 86201 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	kindloaf
Recipients	kindloaf
Date	2009年04月20日.16:42:29
SpamBayes Score	0.00990721
Marked as misclassified	No
Message-id	<1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>

Content
The security descriptors of python binaries (like python.exe, pythonw.exe, etc) allow any Authenticated Users to modify these binaries. This may cause a privilege-escalation problem since administrators may use python binaries when performing administrative tasks. A normal unprivileged user may turn a python binary into a trojan and acquire administrator's sids. Test environment: windows vista, python 2.6

Content

The security descriptors of python binaries (like python.exe,
pythonw.exe, etc) allow any Authenticated Users to modify these
binaries. This may cause a privilege-escalation problem since
administrators may use python binaries when performing administrative
tasks. A normal unprivileged user may turn a python binary into a
trojan and acquire administrator's sids.
Test environment: windows vista, python 2.6

History
Date	User	Action	Args
2009年04月20日 16:42:31	kindloaf	set	recipients: + kindloaf
2009年04月20日 16:42:30	kindloaf	set	messageid: <1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>
2009年04月20日 16:42:29	kindloaf	link	issue5802 messages
2009年04月20日 16:42:29	kindloaf	create

homepage