Message 303200 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Pat K
Recipients	Pat K
Date	2017-09-28.09:15:11
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1506590111.59.0.466225441844.issue31616@psf.upfronthosting.co.za>
In-reply-to

Content
This seems to affect different versions of Python Windows installer. The problem is when Python is installed for all users (requires elevation) its binaries and DLLs are shipped with writable permission for "Authenticated Users": PS C:\Python36> icacls python.exe python.exe BUILTIN\Administrators:(I)(F) NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Users:(I)(RX) NT AUTHORITY\Authenticated Users:(I)(M) ... This could be easily exploited for profit by a malicious user to hijack the interpreter or libraries of other users, including Administrator, possibly leading to the privilege escalation.

This seems to affect different versions of Python Windows installer. The problem is when Python is installed for all users (requires elevation) its binaries and DLLs are shipped with writable permission for "Authenticated Users":

PS C:\Python36> icacls python.exe
python.exe BUILTIN\Administrators:(I)(F)
           NT AUTHORITY\SYSTEM:(I)(F)
           BUILTIN\Users:(I)(RX)
           NT AUTHORITY\Authenticated Users:(I)(M)

...

This could be easily exploited for profit by a malicious user to hijack the interpreter or libraries of other users, including Administrator, possibly leading to the privilege escalation.

History
Date	User	Action	Args
2017-09-28 09:15:11	Pat K	set	recipients: + Pat K
2017-09-28 09:15:11	Pat K	set	messageid: <1506590111.59.0.466225441844.issue31616@psf.upfronthosting.co.za>
2017-09-28 09:15:11	Pat K	link	issue31616 messages
2017-09-28 09:15:11	Pat K	create