[Python-Dev] Re: 2.3.1

Tim Peters tim.one@comcast.net
Sun, 27 Jul 2003 01:17:51 -0400

[Kurt B. Kaiser]
> An open execution server on an external interface is exploitable at
> the privilege level of the user which initiated it.

Noting that Win9X systems offer no protection in this sense, then (there
aren't any privilege levels -- anyone can do anything).

> At GvR request, the connection was reversed so that the execution
> server connects to the user's GUI process.
> If the local cracker manages to intercept the loopback interface
> (no external packets) he can then access IDLE's stdout and stderr
> streams in the user GUI.
> Once the subprocess makes a connection to the user process, no further
> connections are accepted.  In practice this happens within a second of
> when the user process spawns the subprocess.

I'm not sure I understand this claim.  I just brought up IDLE.  Now in a
separate DOS box:

>>> addr = 'localhost', 8833
>>> import time
>>> time.sleep(5) # more than 1 second <wink>
>>> import socket
>>> s = socket.socket()
>>> s.connect(addr)

Was that connection expected?

> This seems to have limited exploitablility.  If further security is
> desired, a random number could be passed to the subprocess for
> authentication upon connection.

I suppose a randomized port number could be used too.  I'm not worried --
but I tend not to worry much about such things.

if-i-did-i-wouldn't-be-running-windows-ly y'rs  - tim