Re: Serious privacy leak in Python for Windows

From: Luke Kenneth Casson Leighton (lkcl@SAMBA-TNG.ORG)
Date: 01/17/02


Date:         Wed, 16 Jan 2002 23:51:22 +0000
From: Luke Kenneth Casson Leighton <lkcl@SAMBA-TNG.ORG>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


----- Forwarded message from Guido van Rossum <guido@python.org> -----

Subject: Re: [rms@COMPUTERBYTESMAN.COM: Serious privacy leak in Python for Windows]
From: Guido van Rossum <guido@python.org>
Date: Wed, 16 Jan 2002 08:13:02 -0500

> [contents of private discussion with guido deleted]
> [...]
>
> ? i _really_ don't get this.
>
> the _python_ language should block the read request?
>

I don't get that part either -- the problem is in win32all.

But I think that's a real security hole waiting to be exploited:
win32all enables scripting by default (well, in conjunction with IE)
and it uses the rexec module to restrict the powers of Python scripts.
But rexec hasn't really been carefully verified. There are tons of
way in Python to cause stack overflows (e.g. by doing things to
self-referential objects) and I wouldn't be surprised if one of those
could be exploited. Buffer overflows in Python also haven't been the
subject of careful study until very recently -- and we fixed a number
that could affect Python 2.1 and before.

--Guido van Rossum (home page: http://www.python.org/~guido/)

----- End forwarded message -----

============================================================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
============================================================================



Relevant Pages

  • Re: is there a safe marshaler?
    ... [Alan Kennedy] ... Well, the python JSON codec provided appears to use eval, which might ... that it can be made completely secure very easily. ... The codec uses tokenize.generate_tokens to split up the JSON string into ...
    (comp.lang.python)
  • Re: safe strcpy()?
    ... there's always Python or C#. ... Does anyone on this list have any connection with the GCC developers? ... > sudden their code is safe. ... > Writing Secure Code 2nd Edition ...
    (SecProg)
  • Re: Python secure?
    ... what I wrote was in the context of a beginning programmer ... asking if Python is secure -- in particular. ... Despite your out-of-context sniping, I believe ...
    (comp.lang.python)
  • Re: Secure Voting software
    ... > What things must I keep in mind when I design a python application to be ... Buffer overruns are just one narrow type of security failure. ... Security is really a hard subject and even systems built by experts ... write secure software, and also some HOWTO's. ...
    (comp.lang.python)
  • Re: MS01-058 problems and more
    ... FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE ... When building an e-commerce site, you want to start with a strong, secure ...
    (NT-Bugtraq)