Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Jeff Hardy
On Tue, Oct 6, 2009 at 11:53 AM, Giles Thomas wrote:
> Michael Foord wrote:
>>
>> (I'm honestly not sure how creating a writable directory is a security issue?)
>
> I suspect people are thinking of an attack where an untrusted user installs a package that looks like a normal one, but actually

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Giles Thomas
Michael Foord wrote: (I'm honestly not sure how creating a writable directory is a security issue?) I suspect people are thinking of an attack where an untrusted user installs a package that looks like a normal one, but actually does something nefarious like install a rootkit (and perhaps does

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Giles Thomas wrote: Dino Viehland wrote: But it seems like CPython is the one who's doing something wrong here. Another data point; easy_install under CPython using Vista with UAC switched on tries to escalate permissions as you would expect -- the normal grey screen, "please enter an admin

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Giles Thomas
Dino Viehland wrote: But it seems like CPython is the one who's doing something wrong here. Another data point; easy_install under CPython using Vista with UAC switched on tries to escalate permissions as you would expect -- the normal grey screen, "please enter an administrator's details" t

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Dino Viehland
Michael wrote:
> Dino Viehland wrote:
> > Michael wrote:
> >
> >> Curt Hagenlocher wrote:
> >>
> >>> In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the rig

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Jeff Hardy wrote: On Tue, Oct 6, 2009 at 10:53 AM, Michael Foord wrote: The first succeeds, naturally. Are you saying that it would be *more* surprising if the second succeeded? It should be surprising - a limited user should *never* be able to install software into a shared location.

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Jeff Hardy
On Tue, Oct 6, 2009 at 10:53 AM, Michael Foord wrote:
> The first succeeds, naturally. Are you saying that it would be *more* surprising if the second succeeded?

It should be surprising - a limited user should *never* be able to install software into a shared location. The fact that it works fo

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Dino Viehland wrote: Michael wrote: Curt Hagenlocher wrote: In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the right one. Unknowingly? I've

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Dino Viehland wrote: Michael wrote: I don't have an obvious solution (per user site-packages perhaps?) but present the problem. Python circumvents this problem by *not* installing into "Program Files". I would actually say that CPython seems to circumvent this by allowing users to writ

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Dino Viehland wrote: Michael wrote: Curt Hagenlocher wrote: In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the right one. Unknowingly? I've

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Dino Viehland
Michael wrote:
> Curt Hagenlocher wrote:
> > In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the right one.
>
> Unknowingly?

I've just installed some software

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Dino Viehland
Michael wrote:
> I don't have an obvious solution (per user site-packages perhaps?) but present the problem. Python circumvents this problem by *not* installing into "Program Files".

I would actually say that CPython seems to circumvent this by allowing users to write to its installation direc

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Curt Hagenlocher wrote: In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the right one. Unknowingly? Michael On Tue, Oct 6, 2009 at 4:45 AM, Michael Foord mail

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Curt Hagenlocher
In principle, allowing unprivileged users to install code into a location where it can unknowingly be accessed by privileged users is a security problem. A "per-user" approach is the right one.

On Tue, Oct 6, 2009 at 4:45 AM, Michael Foord wrote:
> Hello guys,
>
> The msi installer installs by de

Re: [IronPython] Default install location and site-packages

2009-10-06 Thread Brian Curtin
On Tue, Oct 6, 2009 at 06:45, Michael Foord wrote:
> Hello guys,
>
> The msi installer installs by default into "C:\Program Files\IronPython 2.6". It also creates a "Lib\site-packages" folder.
>
> Presumably the intention is that site-packages is for installed modules / packages, however "Prog

[IronPython] Default install location and site-packages

2009-10-06 Thread Michael Foord
Hello guys, The msi installer installs by default into "C:\Program Files\IronPython 2.6". It also creates a "Lib\site-packages" folder. Presumably the intention is that site-packages is for installed modules / packages, however "Program Files" is a special location and normal users (Vista /