msg86201
Author: Hong Chen (kindloaf)
Date: 2009-04-20 16:42

The security descriptors of Python binaries (like python.exe, pythonw.exe, etc.) allow any Authenticated Users to modify these binaries. This may cause a privilege-escalation problem since administrators may use Python binaries when performing administrative tasks. A normal unprivileged user may turn a Python binary into a trojan and acquire the administrator's SIDs.

Test environment: Windows Vista, Python 2.6
|
|
msg99038
Author: Hong Chen (kindloaf)
Date: 2010-02-08 06:31

Thanks for the reply. I can log in as a non-admin user and replace python.exe with another binary. Does that serve as an attack example?

Hong

On Sun, Feb 7, 2010 at 7:14 PM, Brian Curtin <report@bugs.python.org> wrote:
> Changes by Brian Curtin <curtin@acm.org>:
>
> ----------
> stage: -> test needed
>
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue5802>
|
|
msg99047
Author: Brian Curtin (brian.curtin)
Date: 2010-02-08 15:23

Is the situation any different if you install Python to "C:\Program Files"? This seems to be at least part of the reason IronPython installs to "C:\Program Files", which was discussed on the IronPython list [1] a few months ago.

[1] http://lists.ironpython.com/pipermail/users-ironpython.com/2009-October/011345.html
|
|
msg100219
Author: Hong Chen (kindloaf)
Date: 2010-02-28 20:07

Sorry for the delay, it's been a busy month. I just tried Python 3.1. If installed under c:\program files, the access control list would be correct: only system & administrator accounts get the modify privilege. The default installation is to c:\python31, in which the access control list has the issue that unprivileged users can modify it. I guess a possible remedy to this is that after installation, the setup program can just remove "authenticated users" from the access control list, or at least remove the "modify" privilege from the corresponding entry.

Thanks,
Hong

On Mon, Feb 8, 2010 at 7:23 AM, Brian Curtin <report@bugs.python.org> wrote:
> Brian Curtin <curtin@acm.org> added the comment:
>
> Is the situation any different if you install Python to "C:\Program Files"? This seems to be at least part of the reason IronPython installs to "C:\Program Files", which was discussed on the IronPython list [1] a few months ago.
>
> [1] http://lists.ironpython.com/pipermail/users-ironpython.com/2009-October/011345.html
>
> ----------
> nosy: +brian.curtin
|
|
msg100257
Author: Brian Curtin (brian.curtin)
Date: 2010-03-01 15:45

Even if we changed the ACL of the executable, any user could still add malicious code to be executed on import, as the C:\PythonXY directory doesn't require specific privileges for writing to it, and it shouldn't by default. When installed to "C:\Program Files", certain privileges are required to install anything, so regular users can't install third party code or swap out the interpreter. If you need the added security, you are more than welcome to choose to install Python to a more secure location. Defaulting to "C:\Program Files" isn't necessary.

See also: issues #1074873 and #818030
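Hong's finding in msg100219 (the default c:\python31 tree leaves Authenticated Users with the Modify right) and Brian's point here (any writable directory on the import path matters as much as python.exe itself) can both be checked with an ACL audit like the one below. This is an added example, not code from the tracker thread; it assumes Windows PowerShell 5.1 or later and an install root of C:\Python31, which is a placeholder to adjust via $PythonRoot.

```powershell
# Added audit example (not from the tracker thread): list ACL entries on a
# Python install tree that let broad, non-admin principals write to it.
# Assumes Windows PowerShell 5.1+ (Get-Acl); $PythonRoot is an assumed path.
param([string]$PythonRoot = 'C:\Python31')

# Groups every logged-on user belongs to. The thread's concern is the
# "Authenticated Users" entry that the default install location inherits.
$BroadPrincipals = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone')

# Any of these rights is enough to replace python.exe or drop a module
# into Lib\ or site-packages, which is what msg100257 warns about.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

if (-not (Test-Path -LiteralPath $PythonRoot)) { throw "Not found: $PythonRoot" }

# Audit the root, the interpreter binaries, and every directory on the
# tree (Lib, DLLs, site-packages, ...) since all of them sit on sys.path.
$Targets  = @($PythonRoot)
$Targets += Get-ChildItem -LiteralPath $PythonRoot -Filter '*.exe' -File | ForEach-Object FullName
$Targets += Get-ChildItem -LiteralPath $PythonRoot -Recurse -Directory | ForEach-Object FullName

$Findings = foreach ($Path in $Targets) {
    $Acl = Get-Acl -LiteralPath $Path
    foreach ($Rule in $Acl.Access) {
        if ($Rule.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $Rule.IdentityReference.Value) { continue }
        if (($Rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $Rule.IdentityReference.Value
            Rights    = $Rule.FileSystemRights
            Inherited = $Rule.IsInherited   # True: the entry comes from a parent ACL
        }
    }
}

if ($Findings) {
    $Findings | Format-Table -AutoSize
    Write-Warning ("{0} writable entries found; an unprivileged user can alter this installation." -f @($Findings).Count)
} else {
    Write-Host "No broad write access found under $PythonRoot"
}
```

A row with Inherited set to True is coming from the parent directory's ACL (for a top-level folder, the drive root), which is why the same audit on an install under "C:\Program Files" comes back clean, as Hong observed.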
|
|
msg100288
Author: R. David Murray (r.david.murray)
Date: 2010-03-02 12:26

See also issue 1284316, which is still open, and should probably remain open even though there's no consensus to make a change (yet?).
|
|
msg100332
Author: Hong Chen (kindloaf)
Date: 2010-03-03 04:42

Sure. Thank you for the information!

Hong

On Tue, Mar 2, 2010 at 4:26 AM, R. David Murray <report@bugs.python.org> wrote:
> R. David Murray <rdmurray@bitdance.com> added the comment:
>
> See also issue 1284316, which is still open, and should probably remain open even though there's no consensus to make a change (yet?).
>
> ----------
> nosy: +ezio.melotti, flox, r.david.murray
> priority: -> normal
> superseder: -> Win32: Security problem with default installation directory
|
|