Message 86201 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	kindloaf
Recipients	kindloaf
Date	2009-04-20.16:42:29
SpamBayes Score	0.00990721
Marked as misclassified	No
Message-id	<1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>
In-reply-to

Content
The security descriptors of python binaries (like python.exe, pythonw.exe, etc) allow any Authenticated Users to modify these binaries. This may cause a privilege-escalation problem since administrators may use python binaries when performing administrative tasks. A normal unprivileged user may turn a python binary into a trojan and acquire administrator's sids. Test environment: windows vista, python 2.6

The security descriptors of python binaries (like python.exe,
pythonw.exe, etc) allow any Authenticated Users to modify these
binaries.  This may cause a privilege-escalation problem since
administrators may use python binaries when performing administrative
tasks.  A normal unprivileged user may turn a python binary into a
trojan and acquire administrator's sids.

Test environment: windows vista, python 2.6

History
Date	User	Action	Args
2009-04-20 16:42:31	kindloaf	set	recipients: + kindloaf
2009-04-20 16:42:30	kindloaf	set	messageid: <1240245750.84.0.391245943129.issue5802@psf.upfronthosting.co.za>
2009-04-20 16:42:29	kindloaf	link	issue5802 messages
2009-04-20 16:42:29	kindloaf	create