Author kindloaf
Recipients kindloaf
Date 2009-04-20.16:42:29
SpamBayes Score 0.00990721
Marked as misclassified No
Message-id <1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>
In-reply-to
Content
The security descriptors of python binaries (like python.exe,
pythonw.exe, etc) allow any Authenticated Users to modify these
binaries.  This may cause a privilege-escalation problem since
administrators may use python binaries when performing administrative
tasks.  A normal unprivileged user may turn a python binary into a
trojan and acquire administrator's sids.

Test environment: windows vista, python 2.6
History
Date User Action Args
2009-04-20 16:42:31kindloafsetrecipients: + kindloaf
2009-04-20 16:42:30kindloafsetmessageid: <1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>
2009-04-20 16:42:29kindloaflinkissue5802 messages
2009-04-20 16:42:29kindloafcreate