Author Pat K
Recipients Pat K
Date 2017-09-28.09:15:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1506590111.59.0.466225441844.issue31616@psf.upfronthosting.co.za>
In-reply-to
Content
This seems to affect different versions of the Python Windows installer. The problem is that when Python is installed for all users (requires elevation), its binaries and DLLs are shipped with writable permission for "Authenticated Users":

PS C:\Python36> icacls python.exe
python.exe BUILTIN\Administrators:(I)(F)
           NT AUTHORITY\SYSTEM:(I)(F)
           BUILTIN\Users:(I)(RX)
           NT AUTHORITY\Authenticated Users:(I)(M)

...

This could be easily exploited for profit by a malicious user to hijack the interpreter or libraries of other users, including Administrator, possibly leading to privilege escalation.
History
Date                 User   Action  Args
2017-09-28 09:15:11  Pat K  set     recipients: + Pat K
2017-09-28 09:15:11  Pat K  set     messageid: <1506590111.59.0.466225441844.issue31616@psf.upfronthosting.co.za>
2017-09-28 09:15:11  Pat K  link    issue31616 messages
2017-09-28 09:15:11  Pat K  create
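A check for the condition reported in the message above, as an added example that is not part of the original report or of CPython: it parses icacls output in the format shown and flags allow entries that give broad, non-administrative groups write-capable rights. The function names and the list of "broad" principals are assumptions of this example.

```python
import re

# icacls simple and specific rights that allow replacing or tampering with a file.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "WEA", "WA", "DC",
                "WDAC", "WO", "GW", "GA"}
# Inheritance markers that share the parenthesised slots with rights.
FLAGS = {"I", "OI", "CI", "IO", "NP"}
# Assumption of this example: groups that any ordinary local user belongs to.
BROAD = {r"nt authority\authenticated users", r"builtin\users", "everyone",
         r"nt authority\interactive"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

# The output quoted in the report.
SAMPLE = r"""python.exe BUILTIN\Administrators:(I)(F)
           NT AUTHORITY\SYSTEM:(I)(F)
           BUILTIN\Users:(I)(RX)
           NT AUTHORITY\Authenticated Users:(I)(M)
"""

def parse_icacls(text, path):
    """Return one dict per ACE found in icacls output for `path`."""
    aces = []
    for line in text.splitlines():
        if line.startswith(path):        # first line is prefixed with the path
            line = line[len(path):]
        m = ACE_RE.match(line.strip())
        if not m:                        # blank lines, "Successfully processed ..."
            continue
        tokens = {t.strip().upper()
                  for g in re.findall(r"\(([^)]*)\)", m["groups"])
                  for t in g.split(",")}
        aces.append({"principal": m["who"].strip(),
                     "deny": "DENY" in tokens,
                     "inherited": "I" in tokens,
                     "rights": tokens - FLAGS - {"DENY"}})
    return aces

def risky_aces(text, path):
    """List (principal, write rights) for allow-ACEs held by broad groups."""
    return [(a["principal"], sorted(a["rights"] & WRITE_RIGHTS))
            for a in parse_icacls(text, path)
            if not a["deny"] and a["principal"].lower() in BROAD
            and a["rights"] & WRITE_RIGHTS]

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, "python.exe"):
        print(f"python.exe: {who} holds {','.join(rights)}")
```

Entries marked (I) are inherited, so a finding on python.exe usually means the ACL to correct is on the install directory itself.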