Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #49908
| Path | csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.006 |
| X-Spam-Evidence | '*H*': 0.99; '*S*': 0.00; 'subject:not': 0.03; 'binary': 0.07; 'url:msdn': 0.07; 'interpreted': 0.09; 'typed': 0.09; 'url:archive': 0.09; 'runs': 0.10; 'subject:How': 0.10; 'windows': 0.15; '"cancel"': 0.16; 'answers:': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'language)': 0.16; 'measures': 0.16; 'restricting': 0.16; 'scripts.': 0.16; 'skip:\x96 10': 0.16; 'url:blogs': 0.16; 'wayne': 0.16; 'prevent': 0.16; 'wrote:': 0.18; 'code.': 0.18; 'bit': 0.19; 'machine': 0.22; 'code,': 0.22; 'creating': 0.23; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'am,': 0.29; 'unix': 0.29; 'andrew': 0.30; 'involving': 0.30; 'message- id:@mail.gmail.com': 0.30; 'code': 0.31; '(usually': 0.31; 'bug?': 0.31; 'url:2008': 0.31; 'run': 0.32; 'running': 0.33; 'fri,': 0.33; 'there,': 0.34; 'problem.': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'machine.': 0.36; 'opposed': 0.36; 'application': 0.37; 'two': 0.37; 'system,': 0.38; 'to:addr :python-list': 0.38; 'skip:- 10': 0.38; 'ability': 0.39; 'bad': 0.39; 'environment.': 0.39; 'to:addr:python.org': 0.39; '8bit%:6': 0.40; 'even': 0.60; 'commands': 0.60; 'full': 0.61; 'browser': 0.61; 'linked': 0.65; 'charset:windows-1252': 0.65; 'jul': 0.74; 'again!': 0.84; 'capability': 0.84; "else's": 0.84; 'hand.': 0.84; 'proves': 0.84; 'subject:tell': 0.84; '2013': 0.98 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=s02o6s31gLd1kCSGAJjIUHkQb4rTbG4+H0lGZk1HA5I=; b=QNVaESts9WHB8w1hYW81l3aWYxJkyhH1oECAbGrbCJQLzsqwRuMcSsw8PQEODIxcnj 0IndGmJKimkSatvu5bFc0+/suFCKKh1II8L6Nc8KI5lM6wnLH26Q98Qna4Z6ow72GYJx 7/yiLsl0kS4P+LYJsBiu9hneCi5N5S9LKp7/S1UFSX6UFBIroWQZw8CdbDK3D8Hq+HLi 7pCWfBumOfRcLEPl+TY8WL8NwUDpR6l9S9zpqqgEnkS6VrLxRyIZpRc6awgOPvCaYUvg v0g8922/Vng4i7K7Bbp8XGYBvXh3Mzx5nfvc544NAPvWEcxXhaTdV4+pBtXBS4UUDOoF LSxQ== |
| MIME-Version | 1.0 |
| X-Received | by 10.52.93.106 with SMTP id ct10mr3788145vdb.83.1372977579460; Thu, 04 Jul 2013 15:39:39 -0700 (PDT) |
| In-Reply-To | <51D5F33D.9080008@gmail.com> |
| References | <a4d1d0ff-2619-42da-b7f2-4ef1ac10e549@googlegroups.com> <51D37F8A.3010905@gmail.com> <51D3D415.5060802@timgolden.me.uk> <51D3E091.6020706@gmail.com> <51D3E5F9.6010008@timgolden.me.uk> <20130703075046.2f0737de@bigbox.christie.dr> <mailman.4164.1372856454.3114.python-list@python.org> <51d424de$0$9505$c3e8da3$5496439d@news.astraweb.com> <2t79t81lbf5v8aeleicalff2q167e1v849@4ax.com> <alpine.DEB.2.02.1307040904170.18702@gilgamesh> <51D5F33D.9080008@gmail.com> |
| Date | Fri, 5 Jul 2013 08:39:39 +1000 |
| Subject | Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] |
| From | Chris Angelico <rosuav@gmail.com> |
| To | python-list@python.org |
| Content-Type | text/plain; charset=windows-1252 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.4256.1372977587.3114.python-list@python.org> (permalink) |
| Lines | 41 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1372977587 news.xs4all.nl 15978 [2001:888:2000:d::a6]:35389 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:49908 |
Show key headers only | View raw
On Fri, Jul 5, 2013 at 8:12 AM, Andrew Berg <robotsondrugs@gmail.com> wrote: > On 2013.07.04 09:08, Wayne Werner wrote: >> powershell -ExecutionPolicy Bypass -File ... >> >> >> \o/ >> >> Microsoft "security" at it again! (reminds me a bit of just pushing >> "Cancel" to log into windows 98, I think it was) > From an MSDN page linked in one of the answers: >> Now, why is >> >> PowerShell.exe –ExecutionPolicy Bypass –File c:\temp\bad-script.ps1 >> >> not a security bug? Ultimately, if bad code has the ability to run this code, it already has control of the machine. > http://blogs.msdn.com/b/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx > > If an attacker can run code, he/she already has the capability to well, run code. Well, the whole point of sandboxing is to allow some code and not other - look at web browser scripts. You can run your JavaScript code on someone else's machine without the capability to run arbitrary code. What this proves is that PowerShell is not a sandboxing environment. It has just two states: Trusted and untrusted. Untrusted code may not run. Trusted code has full access as though the administrator typed the commands by hand. Unix has measures to prevent a running process from having full control over the system, but even there, privilege escalation attacks (usually involving some application that runs as root) have been known. Restricting a running binary (as opposed to creating an interpreted and very slow language) is a distinctly hard problem. ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
How to tell Script to use pythonw.exe ? goldtech <leegold@operamail.com> - 2013-07-02 18:20 -0700
Re: How to tell Script to use pythonw.exe ? goldtech <leegold@operamail.com> - 2013-07-02 18:28 -0700
Re: How to tell Script to use pythonw.exe ? Tim Roberts <timr@probo.com> - 2013-07-02 20:43 -0700
Re: How to tell Script to use pythonw.exe ? Νίκος <nikos@superhost.gr> - 2013-07-03 18:22 +0300
Re: How to tell Script to use pythonw.exe ? Νίκος <nikos@superhost.gr> - 2013-07-03 19:50 +0300
Re: How to tell Script to use pythonw.exe ? alex23 <wuwei23@gmail.com> - 2013-07-04 11:28 +1000
Re: How to tell Script to use pythonw.exe ? Benjamin Kaplan <benjamin.kaplan@case.edu> - 2013-07-03 09:36 -0700
Re: How to tell Script to use pythonw.exe ? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-07-03 01:29 +0000
Re: How to tell Script to use pythonw.exe ? Andrew Berg <robotsondrugs@gmail.com> - 2013-07-02 20:34 -0500
DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 08:34 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-03 17:41 +1000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Andrew Berg <robotsondrugs@gmail.com> - 2013-07-03 03:28 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 09:51 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Chase <python.list@tim.thechases.com> - 2013-07-03 07:50 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 14:00 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-07-03 13:19 +0000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Jeff Schwab <jeff@schwabcenter.com> - 2013-07-03 09:22 -0400
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-07-03 18:11 -0400
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Ian Kelly <ian.g.kelly@gmail.com> - 2013-07-03 17:35 -0600
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Wayne Werner <wayne@waynewerner.com> - 2013-07-04 09:08 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Andrew Berg <robotsondrugs@gmail.com> - 2013-07-04 17:12 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-05 08:39 +1000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-04 00:00 +1000
csiph-web