Message374024
I still don't understand why this is considered a Python security problem. If the user can put a malicious "python3.dll" at some arbitrary spot in the filesystem (e.g. a USB flash drive), and fool Python.exe into loading it, then surely they could put an arbitrary executable at that same spot and launch it directly. And that seems way more straightforward. Why would anyone bother with this? |
|
Date |
User |
Action |
Args |
2020-07-20 20:18:22 | larry | set | recipients:
+ larry, paul.moore, vstinner, tim.golden, ned.deily, lukasz.langa, zach.ware, eryksun, steve.dower, Tibor Csonka, miss-islington, anthonywee |
2020-07-20 20:18:22 | larry | set | messageid: <1595276302.55.0.713676350952.issue29778@roundup.psfhosted.org> |
2020-07-20 20:18:22 | larry | link | issue29778 messages |
2020-07-20 20:18:21 | larry | create | |
|