Message373919
> If you can put files in the root of the hard drive where Windows was
> installed, surely you have other, easier attack vectors.
A rooted path is resolved relative to the process working directory, and Python can be started with any current working directory.
The default access control set on the root directory of a filesystem allows any authenticated user to create files or directories, such as "D:\python3.dll". That's if a filesystem even supports security. Removable drives are often formatted as FAT32 or exFAT, and FAT filesystems have no security.
The system drive (almost always "C:") has to be an NTFS filesystem, and its root directory is locked down a bit more. It's at high integrity level with a no-write-up rule for files, but not for directories. Only a logon at elevated integrity level (high or system level) can create "C:\python3.dll". OTOH, any authenticated user is still allowed to create a directory, such as "C:\DLLs", and is granted the right to create files in it such as "C:\DLLs\python3.dll". |
|
Date |
User |
Action |
Args |
2020-07-18 21:01:03 | eryksun | set | recipients:
+ eryksun, paul.moore, vstinner, larry, tim.golden, ned.deily, lukasz.langa, zach.ware, steve.dower, Tibor Csonka, miss-islington, anthonywee |
2020-07-18 21:01:03 | eryksun | set | messageid: <1595106063.11.0.641637489719.issue29778@roundup.psfhosted.org> |
2020-07-18 21:01:03 | eryksun | link | issue29778 messages |
2020-07-18 21:01:02 | eryksun | create | |
|