Message 117504 - Python tracker

Message117504

Author	jcea
Recipients	akr, akuchling, barry, benjamin.peterson, dmalcolm, glyph, gregory.p.smith, iankko, jcea, loewis, pitrou, psss, r.david.murray, thoger
Date	2010-09-28.03:25:14
SpamBayes Score	0.13463375
Marked as misclassified	No
Message-id	<1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
In-reply-to

Content
This issue is equivalent to MS Windows DLL hijacking (the MS situation is worse, because the DDL can be in network shares or, even , in remote webdav servers): http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html http://news.cnet.com/8301-27080_3-20014625-245.html When I learned about this attack, my first thought was "what if sys.path.index('')>=0?". Arg!.

Content

This issue is equivalent to MS Windows DLL hijacking (the MS situation is worse, because the DDL can be in network shares or, even , in remote webdav servers):

http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
http://news.cnet.com/8301-27080_3-20014625-245.html

When I learned about this attack, my first thought was "what if sys.path.index('')>=0?". Arg!.

History
Date	User	Action	Args
2010-09-28 03:25:17	jcea	set	recipients: + jcea, loewis, barry, akuchling, gregory.p.smith, pitrou, benjamin.peterson, glyph, psss, r.david.murray, iankko, akr, thoger, dmalcolm
2010-09-28 03:25:17	jcea	set	messageid: <1285644317.14.0.178366297729.issue5753@psf.upfronthosting.co.za>
2010-09-28 03:25:15	jcea	link	issue5753 messages
2010-09-28 03:25:14	jcea	create