Path: csiph.com!optima2.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!us.feeder.erje.net!border1.nntp.ams1.giganews.com!nntp.giganews.com!news.astraweb.com!border5.a.newsrouter.astraweb.com!news.tele.dk!news.tele.dk!small.news.tele.dk!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.023
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'subject:Python': 0.05; 'executed': 0.07; 'extension.': 0.09; 'thu,': 0.15; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'renaming': 0.16; 'somewhere.': 0.16; 'wrote:': 0.16; 'windows': 0.20; 'prevent': 0.20; 'to:name:python-list@python.org': 0.20; 'am,': 0.23; '2015': 0.23; "i've": 0.24; 'header:In-Reply-To:1': 0.24; 'sort': 0.25; 'van': 0.26; 'least': 0.27; 'disk': 0.27; 'message-id:@mail.gmail.com': 0.28; 'expose': 0.29; 'code': 0.31; 'anybody': 0.32; 'windows.': 0.33; 'running': 0.34; 'file': 0.34; 'received:google.com': 0.34; 'to:addr:python-list': 0.35; 'problem.': 0.35; 'but': 0.36; 'heard': 0.36; 'subject:: ': 0.37; 'does': 0.39; 'to:addr:python.org': 0.39; 'data': 0.40; 'where': 0.40; 'some': 0.40; 'easy': 0.60; 'subject:Data': 0.66; 'chrisa': 0.84; 'crafted': 0.84; 'disrupt': 0.84; 'edwards': 0.91
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=lZYKhhf6H5gMDwAmf+J7c8HeJohiPbVAv39umiTAEx8=; b=ueluxRLhrUg0sTyFqvjKYDU32Y7u6Dv6IVBRfKBHkzIbrDaPjUVDpiyY3mb9uwamX/ Rza6xN9l6s0pj9ZRAR2IXOx6UaAyYdSmtWNpqRBVbTufKcpVUg0JpR8RHpzMG8UnJ/or V1gMzTiZ9wtC++xf+e+AIYWVDk/73kWRHKfWldpZdQUVXmzjGRsDaz87GFXezGOMQ5gd eeDrciHizmYiFbvEGEgCRN+cyDvluPIVTOTqhgN1wQOflUhXCrO49E/wCoXUiEkPY0g8 q9yZk4DnQ2IIYZ/NihHJIa+49BdrDaAedmktZtTH9GsaEcuDgRM35Q/rw+JvcHgA5f5J ThtA==
MIME-Version: 1.0
X-Received: by 10.42.43.199 with SMTP id y7mr1248441ice.12.1435161300095; Wed, 24 Jun 2015 08:55:00 -0700 (PDT)
In-Reply-To: <mmejnp$i0p$1@ger.gmane.org>
References: <mailman.10.1435130890.3674.python-list@python.org> <558a9649$0$1675$c3e8da3$5496439d@news.astraweb.com> <mmed90$nho$1@reader1.panix.com> <mmejnp$i0p$1@ger.gmane.org>
Date: Thu, 25 Jun 2015 01:55:00 +1000
Subject: Re: Pure Python Data Mangling or Encrypting
From: Chris Angelico <rosuav@gmail.com>
To: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.19.1435161308.3674.python-list@python.org>
Lines: 16
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1435161308 news.xs4all.nl 2941 [2001:888:2000:d::a6]:42786
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:93083

On Thu, Jun 25, 2015 at 1:52 AM, Emile van Sebille <emile@fenx.com> wrote:
> On 6/24/2015 7:02 AM, Grant Edwards wrote:
>>
>> And how does writing unmangled data to disk expose anybody to
>> anything?  I've never heard of an exploit where writing an evilly
>> crafted bit-pattern to disk causes a any sort of problem.
>
>
> Unless that code is executed at boot.  Mangling would at least prevent it
> from executing.

Or it's on Windows. It's pretty easy to trick Windows into running
some code somewhere. But you can often disrupt that by simply renaming
the file to have no extension.

ChrisA