
Author jcea
Recipients akr, akuchling, barry, benjamin.peterson, dmalcolm, glyph, gregory.p.smith, iankko, jcea, loewis, pitrou, psss, r.david.murray, thoger
Date 2010-09-28.03:25:14
Message-id <1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
In-reply-to
Content
This issue is equivalent to MS Windows DLL hijacking (the MS situation is worse, because the DLL can be in network shares or, even, in remote webdav servers):

http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
http://news.cnet.com/8301-27080_3-20014625-245.html

When I learned about this attack, my first thought was "what if sys.path.index('')>=0?". Arg!.
History
Date | User | Action | Args
2010-09-28 03:25:17 | jcea | set | recipients: + jcea, loewis, barry, akuchling, gregory.p.smith, pitrou, benjamin.peterson, glyph, psss, r.david.murray, iankko, akr, thoger, dmalcolm
2010-09-28 03:25:17 | jcea | set | messageid: <1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
2010-09-28 03:25:15 | jcea | link | issue5753 messages
2010-09-28 03:25:14 | jcea | create |
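
The `sys.path.index('')` question from the message above, expanded into an audit of a whole import search path. This is an added example, not code from the tracker message or from CPython; the function names `audit_search_path` and `hardened` are hypothetical, and it goes beyond the empty-string case to cover relative and world-writable entries as well.

```python
import os
import stat
import sys


def audit_search_path(path_entries, cwd=None):
    """Return (entry, reason) pairs for import-path entries that depend on
    the current working directory or that any local user can write to."""
    cwd = os.path.realpath(cwd or os.getcwd())
    findings = []
    for entry in path_entries:
        if not isinstance(entry, str):
            continue
        if entry == "":
            # The import system treats '' as "whatever the cwd is right now".
            findings.append((entry, "empty entry: resolves to the current directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry: resolved against the current directory"))
            continue
        real = os.path.realpath(entry)
        if real == cwd:
            findings.append((entry, "points at the current directory"))
        try:
            mode = os.stat(real).st_mode
        except OSError:
            continue  # entries that do not exist cannot supply a module
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
    return findings


def hardened(path_entries):
    """Keep only absolute entries, dropping '' and relative ones."""
    return [p for p in path_entries if isinstance(p, str) and os.path.isabs(p)]


if __name__ == "__main__":
    # Audits the interpreter this script runs under.
    for entry, reason in audit_search_path(sys.path):
        print(repr(entry), "->", reason)
```

The permission check relies on POSIX mode bits, so on Windows only the empty, relative and current-directory findings are meaningful.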