Message 269489 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	anandbhat, chrullrich, eryksun, paul.moore, steve.dower, tim.golden, zach.ware
Date	2016-06-29.13:35:20
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1467207321.11.0.414510319834.issue27410@psf.upfronthosting.co.za>
In-reply-to

Content
Unless you can show that it's loaded after the installer elevates, I'm not concerned. "User can run arbitrary code as themselves" is not a security vulnerability. (Hint: when the bundle elevates, it copies the exe to a new directory and runs it from there to avoid this issue.) I'll leave this open for a few days in case of more comments.

Unless you can show that it's loaded after the installer elevates, I'm not concerned. "User can run arbitrary code as themselves" is not a security vulnerability. (Hint: when the bundle elevates, it copies the exe to a new directory and runs it from there to avoid this issue.)

I'll leave this open for a few days in case of more comments.

History
Date	User	Action	Args
2016-06-29 13:35:21	steve.dower	set	recipients: + steve.dower, paul.moore, tim.golden, zach.ware, eryksun, chrullrich, anandbhat
2016-06-29 13:35:21	steve.dower	set	messageid: <1467207321.11.0.414510319834.issue27410@psf.upfronthosting.co.za>
2016-06-29 13:35:21	steve.dower	link	issue27410 messages
2016-06-29 13:35:20	steve.dower	create