New submission from Hong Chen <cn.hongc...@gmail.com>: The security descriptors of python binaries (like python.exe, pythonw.exe, etc) allow any Authenticated Users to modify these binaries. This may cause a privilege-escalation problem since administrators may use python binaries when performing administrative tasks. A normal unprivileged user may turn a python binary into a trojan and acquire administrator's sids.
Test environment: windows vista, python 2.6 ---------- components: Windows messages: 86201 nosy: kindloaf severity: normal status: open title: The security descriptors of python binaries in Windows are not strict enough type: security versions: Python 2.6 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue5802> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com