[issue1284316] Win32: Security problem with default installation directory
Michael Foord
report at bugs.python.org
Tue Mar 2 13:39:21 CET 2010
Michael Foord <michael at voidspace.org.uk> added the comment:
This is similar to an issue I reported to the security team (same underlying issue). My concern was that with an admin installed version of Python an arbitrary user can modify site.py, or create sitecustomize.py, and cause arbitrary code execution when the admin runs Python.
IMO an admin installed Python should require admin priveleges to write to the Python install directory. I think many users would find installing to "Program Files" a pain and it would break many scripts.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue1284316>
_______________________________________
More information about the Python-bugs-list
mailing list