Serious privacy leak in Python for Windows
Hernan M. Foffani
hfoffani at yahoo.com
Tue Jan 15 19:03:10 EST 2002
"Paul Rubin" escribió:
> "Richard M. Smith" writes:
> > To fix this privacy leak, the Python runtime library should block
all
> > file operations when Python code is being used on a Web page, not
just
> > file write operations.
>
> The leak is a terrible bug. Scripts on web pages/emails/etc. should
> always be run in a rexec/Bastion container (for non-Pythonistas, a
> "sandbox") that stops all these operations.
Uninstalling win32all "solves" the problem. I don't know Windows
registry enough, but I'm pretty sure that there is a way to stop
python local scripting on IE.
-Hernan
More information about the Python-list
mailing list