Author eryksun
Recipients Tibor Csonka, anthonywee, eryksun, larry, lukasz.langa, miss-islington, ned.deily, paul.moore, steve.dower, tim.golden, vstinner, zach.ware
Date 2020-07-20.21:27:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1595280451.45.0.645775806256.issue29778@roundup.psfhosted.org>
In-reply-to
Content
> I still don't understand why this is considered a Python security problem.
> If the user can put a malicious "python3.dll" at some arbitrary spot in 
> the filesystem (e.g. a USB flash drive), and fool Python.exe into loading
> it, then surely they could put an arbitrary executable at that same spot 
> and launch it directly.

What would be the point of adding an arbitrary executable in "C:\spam" or "D:\"? It's not in the system PATH, "App Paths", or any file-association template command. But if you can inject code into vulnerable processes that embed Python by simply creating "C:\DLLs\python3.dll", that seems like low-hanging fruit to me. Just wait for it to be run with administrator access, and then you can own the entire system.
History
Date User Action Args
2020-07-20 21:27:31eryksunsetrecipients: + eryksun, paul.moore, vstinner, larry, tim.golden, ned.deily, lukasz.langa, zach.ware, steve.dower, Tibor Csonka, miss-islington, anthonywee
2020-07-20 21:27:31eryksunsetmessageid: <1595280451.45.0.645775806256.issue29778@roundup.psfhosted.org>
2020-07-20 21:27:31eryksunlinkissue29778 messages
2020-07-20 21:27:31eryksuncreate