Message303200
This seems to affect different versions of Python Windows installer. The problem is when Python is installed for all users (requires elevation) its binaries and DLLs are shipped with writable permission for "Authenticated Users":
PS C:\Python36> icacls python.exe
python.exe BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
...
This could be easily exploited for profit by a malicious user to hijack the interpreter or libraries of other users, including Administrator, possibly leading to the privilege escalation. |
|
Date |
User |
Action |
Args |
2017-09-28 09:15:11 | Pat K | set | recipients:
+ Pat K |
2017-09-28 09:15:11 | Pat K | set | messageid: <1506590111.59.0.466225441844.issue31616@psf.upfronthosting.co.za> |
2017-09-28 09:15:11 | Pat K | link | issue31616 messages |
2017-09-28 09:15:11 | Pat K | create | |
|