Author Junyu Zhang
Recipients Junyu Zhang, davin, koobs, pitrou, vstinner, xtreak
Date 2020-03-25.02:49:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1585104560.87.0.205980111023.issue40039@roundup.psfhosted.org>
In-reply-to
Content
Thank you for your reply. Yes, under normal circumstances, keys are generally not leaked. I may have only considered the following attacks at the time:
1. If the client script of the distributed process is on another machine, or the key is leaked due to accidental leak.
2. When the attacker has obtained some server permissions, but not the highest permissions, and this distributed service process runs with the highest management permissions, and the attacker has read permissions to the script code, this may cause a Simple elevation.

Of course, after thinking about it carefully, I found that the above problem is just a conjecture, so now I have decided to give up reporting it as CVE, unless I find such a situation.
History
Date User Action Args
2020-03-25 02:49:21Junyu Zhangsetrecipients: + Junyu Zhang, pitrou, vstinner, koobs, davin, xtreak
2020-03-25 02:49:20Junyu Zhangsetmessageid: <1585104560.87.0.205980111023.issue40039@roundup.psfhosted.org>
2020-03-25 02:49:20Junyu Zhanglinkissue40039 messages
2020-03-25 02:49:19Junyu Zhangcreate