New submission from Pat K <[email protected]>:
This seems to affect different versions of Python Windows installer. The
problem is when Python is installed for all users (requires elevation) its
binaries and DLLs are shipped with writable permission for "Authenticated
Users":
PS C:\Python36> icacls python.exe
python.exe BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
...
This could be easily exploited for profit by a malicious user to hijack the
interpreter or libraries of other users, including Administrator, possibly
leading to the privilege escalation.
----------
components: Installation
messages: 303200
nosy: Pat K
priority: normal
severity: normal
status: open
title: Windows installer: Python binaries are user-writable
versions: Python 3.7
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue31616>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
