Author jcea
Recipients akr, akuchling, barry, benjamin.peterson, dmalcolm, glyph, gregory.p.smith, iankko, jcea, loewis, pitrou, psss, r.david.murray, thoger
Date 2010-09-28.03:25:14
Message-id <1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
Content
This issue is equivalent to MS Windows DLL hijacking (the MS situation is worse, because the DLL can be in network shares or even in remote WebDAV servers):

http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
http://news.cnet.com/8301-27080_3-20014625-245.html

When I learned about this attack, my first thought was "what if sys.path.index('')>=0?". Arg!.
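
An added example, not part of the original message or of CPython: an audit of a module search path such as `sys.path` for the empty-string entry the message mentions. It goes slightly beyond the message by also flagging relative entries and world-writable directories, which hand module resolution to an untrusted location in the same way. The name `risky_path_entries` and the reason labels are assumptions of this example, and the permission check assumes POSIX mode bits.

```python
import os
import stat
import sys


def risky_path_entries(path_entries):
    """Return (entry, reason) pairs for import-path entries that let an
    untrusted directory supply modules.

    Reasons (labels chosen for this example):
      "cwd"            - empty string, resolved against the current directory
      "relative"       - relative path, also resolved against the current directory
      "world-writable" - directory any local user can drop a module into
    """
    findings = []
    for entry in path_entries:
        if not isinstance(entry, str):
            continue  # skip non-string entries (e.g. bytes or path hooks)
        if entry == "":
            findings.append((entry, "cwd"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative"))
            continue
        try:
            mode = os.stat(entry).st_mode
        except OSError:
            continue  # missing entries are ignored by the import system too
        # POSIX assumption: the "other" write bit means any local user can add
        # files. The sticky bit does not prevent creating new files, so a
        # sticky world-writable directory (like /tmp) is still flagged.
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings


if __name__ == "__main__":
    for entry, reason in risky_path_entries(sys.path):
        print(f"{entry!r}: {reason}")
```
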
History
Date                 User  Action  Args
2010-09-28 03:25:17  jcea  set     recipients: + jcea, loewis, barry, akuchling, gregory.p.smith, pitrou, benjamin.peterson, glyph, psss, r.david.murray, iankko, akr, thoger, dmalcolm
2010-09-28 03:25:17  jcea  set     messageid: <1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
2010-09-28 03:25:15  jcea  link    issue5753 messages
2010-09-28 03:25:14  jcea  create