Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!ecngs!feeder2.ecngs.de!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.017 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'subject:not': 0.03; 'cpython': 0.05; 'url:msdn': 0.07; 'url:archive': 0.09; 'subject:How': 0.10; 'windows': 0.15; '"cancel"': 0.16; 'answers:': 0.16; 'url:blogs': 0.16; 'wayne': 0.16; 'wrote:': 0.18; 'code.': 0.18; 'bit': 0.19; 'code,': 0.22; 'header:User- Agent:1': 0.23; 'header:In-Reply-To:1': 0.27; 'code': 0.31; 'bug?': 0.31; 'url:2008': 0.31; 'run': 0.32; 'received:google.com': 0.35; '8bit%:17': 0.36; 'machine.': 0.36; 'message-id:@gmail.com': 0.38; 'to:addr:python-list': 0.38; 'skip:- 10': 0.38; 'ability': 0.39; 'bad': 0.39; 'to:addr:python.org': 0.39; 'linked': 0.65; 'skip:\xe2 10': 0.65; '9.1': 0.84; 'again!': 0.84; 'capability': 0.84; 'freebsd': 0.84; 'subject:tell': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=803DT5nYvLfLIBxxDW94MCqJhBg/c2yU0QEbGnA6Ivk=; b=dEyYIbEsYiMNrRqaAgpLw1NzqBaKgwvnoCIWKnEy5X/4TbqB+3b4EuYxdEvfTjeAsz 0bsdzBsA+DAVqZBPNWVPKC3rAMuUgY4Rl5Pjsw1Tjs1Zr1s9jHOjRpqvChwW0BYuam2k jNqai4HCN5NpduFwhdqIWzaG8AXtMrU6mSQKwfiiu9t9IgQHCt+K/+MhQXepAgOZfI3q oW2aSgPnabMxCJCxAXqoIqaPE3Xsj5wBCWGWyulYd00EvA4LI1G5DrFm6qAi5YE3GmPn S9T6B+TC0AqPwBIzg3NEQXPIbLX9sRi+2TAZlhyYpsDBufC6mqUBhTKOZbB6Mp8L6SkT cxTg== X-Received: by 10.50.79.169 with SMTP id k9mr27988559igx.20.1372975935242; Thu, 04 Jul 2013 15:12:15 -0700 (PDT) Date: Thu, 04 Jul 2013 17:12:13 -0500 From: Andrew Berg User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: python-list@python.org Subject: Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] References: <51D37F8A.3010905@gmail.com> <51D3D415.5060802@timgolden.me.uk> <51D3E091.6020706@gmail.com> <51D3E5F9.6010008@timgolden.me.uk> <20130703075046.2f0737de@bigbox.christie.dr> <51d424de$0$9505$c3e8da3$5496439d@news.astraweb.com> <2t79t81lbf5v8aeleicalff2q167e1v849@4ax.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 19 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1372976397 news.xs4all.nl 15934 [2001:888:2000:d::a6]:56888 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:49905 On 2013.07.04 09:08, Wayne Werner wrote: > powershell -ExecutionPolicy Bypass -File ... > > > \o/ > > Microsoft "security" at it again! (reminds me a bit of just pushing > "Cancel" to log into windows 98, I think it was) >From an MSDN page linked in one of the answers: > Now, why is > > PowerShell.exe –ExecutionPolicy Bypass –File c:\temp\bad-script.ps1 > > not a security bug? Ultimately, if bad code has the ability to run this code, it already has control of the machine. http://blogs.msdn.com/b/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx If an attacker can run code, he/she already has the capability to well, run code. -- CPython 3.3.2 | Windows NT 6.2.9200 / FreeBSD 9.1