Hong Chen cn.hongc...@gmail.com added the comment:
Sure. Thank you for the information!
Hong
On Tue, Mar 2, 2010 at 4:26 AM, R. David Murray rep...@bugs.python.org wrote:
R. David Murray rdmur...@bitdance.com added the comment:
See also issue 1284316, which is still open, and should
Hong Chen cn.hongc...@gmail.com added the comment:
Sorry for the delay, it's been a busy month.
I just tried python 3.1 If installed under c:\program files, the
access control list would be correct, only system administrator
accounts get the modify privilege.
The default installation is to c
Hong Chen cn.hongc...@gmail.com added the comment:
Thanks for the reply. I can log in as a non-admin user and replace
python.exe with another binary. Does that serve as an attack example?
Hong
On Sun, Feb 7, 2010 at 7:14 PM, Brian Curtin rep...@bugs.python.org wrote:
Changes by Brian
New submission from Hong Chen cn.hongc...@gmail.com:
The security descriptors of python binaries (like python.exe,
pythonw.exe, etc) allow any Authenticated Users to modify these
binaries. This may cause a privilege-escalation problem since
administrators may use python binaries when performing
