[New-bugs-announce] [issue5802] The security descriptors of python binaries in Windows are not strict enough
Hong Chen
report at bugs.python.org
Mon Apr 20 18:42:30 CEST 2009
New submission from Hong Chen <cn.hongchen at gmail.com>:
The security descriptors of python binaries (like python.exe,
pythonw.exe, etc) allow any Authenticated Users to modify these
binaries. This may cause a privilege-escalation problem since
administrators may use python binaries when performing administrative
tasks. A normal unprivileged user may turn a python binary into a
trojan and acquire administrator's sids.
Test environment: windows vista, python 2.6
----------
components: Windows
messages: 86201
nosy: kindloaf
severity: normal
status: open
title: The security descriptors of python binaries in Windows are not strict enough
type: security
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5802>
_______________________________________
More information about the New-bugs-announce
mailing list