[issue14471] Buffer overrun in winreg.c
Amaury Forgeot d'Arc amaur...@gmail.com added the comment: In 2.7, the file is named _winreg.c. But the patch does not apply there, because it's using the ANSI (=bytes) API. -- nosy: +amaury.forgeotdarc ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Kristján Valur Jónsson krist...@ccpgames.com added the comment: Thanks. Martin, what constitutes a security fix for Python? For example, isn't it conceivable that one could place a long key into some registry setting used by python and thus interfere with its stack? Aren't stack buffer overruns a classic security hole? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Martin v. Löwis mar...@v.loewis.de added the comment: Martin, what constitutes a security fix for Python? For example, isn't it conceivable that one could place a long key into some registry setting used by python and thus interfere with its stack? If it has a CVE identifier, it's a security fix. Otherwise, I'd apply standard risk assessment procedures, and ask the release manager for judgement. Aren't stack buffer overruns a classic security hole? My personal risk assessment of this issue is that it has a fairly low risk, as the likelihood of an attack is low. Just placing a key in the registry is not sufficient as an attack: one would also need a different user who has a Python application that enumerates this part of the registry. In that scenario, the user would have to be unprivileged (*), i.e. would not have write permissions to either HKLM nor HKCR. Writing to HKCU does not constitute a threat, since it would only allow to crash your own Python applications. There may be opportunities where an administrator has a script that traverses HKEY_USERS while a different user is logged on. Given that the threat of being discovered is very high for the attacker, and given that the typical Windows installation does not use concurrent logins, and given that traversing HKEY_USERS is uncommon, I think the risk of this threat is really low. (*) an administrator user could just as well replace the Python DLL, causing a threat regardless of the winreg module. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Kristján Valur Jónsson krist...@ccpgames.com added the comment: Thanks for the your info/insight, Martin. I'll update 3.2 and 3.3. as you suggest then. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset b3639f6aaa2b by Kristján Valur Jónsson in branch '3.2': Issue #14471: Fix a possible buffer overrun in the winreg module. http://hg.python.org/cpython/rev/b3639f6aaa2b New changeset 80d814d7b886 by Kristján Valur Jónsson in branch 'default': Merge with 3.2 (Issue #14471) http://hg.python.org/cpython/rev/80d814d7b886 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Changes by Kristján Valur Jónsson krist...@ccpgames.com: -- resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Changes by Kristján Valur Jónsson krist...@ccpgames.com: -- title: Buffer oferrun in winreg.c - Buffer overrun in winreg.c ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Changes by Antoine Pitrou pit...@free.fr: -- nosy: +loewis ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Martin v. Löwis mar...@v.loewis.de added the comment: The patch looks fine. As it's not a security fix, it should go into 3.2 and default. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14471] Buffer overrun in winreg.c
Changes by Martin v. Löwis mar...@v.loewis.de: -- versions: -Python 3.1 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14471 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com