Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.006 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:not': 0.03; 'binary': 0.07; 'url:msdn': 0.07; 'interpreted': 0.09; 'typed': 0.09; 'url:archive': 0.09; 'runs': 0.10; 'subject:How': 0.10; 'windows': 0.15; '"cancel"': 0.16; 'answers:': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'language)': 0.16; 'measures': 0.16; 'restricting': 0.16; 'scripts.': 0.16; 'skip:\x96 10': 0.16; 'url:blogs': 0.16; 'wayne': 0.16; 'prevent': 0.16; 'wrote:': 0.18; 'code.': 0.18; 'bit': 0.19; 'machine': 0.22; 'code,': 0.22; 'creating': 0.23; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'am,': 0.29; 'unix': 0.29; 'andrew': 0.30; 'involving': 0.30; 'message- id:@mail.gmail.com': 0.30; 'code': 0.31; '(usually': 0.31; 'bug?': 0.31; 'url:2008': 0.31; 'run': 0.32; 'running': 0.33; 'fri,': 0.33; 'there,': 0.34; 'problem.': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'machine.': 0.36; 'opposed': 0.36; 'application': 0.37; 'two': 0.37; 'system,': 0.38; 'to:addr :python-list': 0.38; 'skip:- 10': 0.38; 'ability': 0.39; 'bad': 0.39; 'environment.': 0.39; 'to:addr:python.org': 0.39; '8bit%:6': 0.40; 'even': 0.60; 'commands': 0.60; 'full': 0.61; 'browser': 0.61; 'linked': 0.65; 'charset:windows-1252': 0.65; 'jul': 0.74; 'again!': 0.84; 'capability': 0.84; "else's": 0.84; 'hand.': 0.84; 'proves': 0.84; 'subject:tell': 0.84; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=s02o6s31gLd1kCSGAJjIUHkQb4rTbG4+H0lGZk1HA5I=; b=QNVaESts9WHB8w1hYW81l3aWYxJkyhH1oECAbGrbCJQLzsqwRuMcSsw8PQEODIxcnj 0IndGmJKimkSatvu5bFc0+/suFCKKh1II8L6Nc8KI5lM6wnLH26Q98Qna4Z6ow72GYJx 7/yiLsl0kS4P+LYJsBiu9hneCi5N5S9LKp7/S1UFSX6UFBIroWQZw8CdbDK3D8Hq+HLi 7pCWfBumOfRcLEPl+TY8WL8NwUDpR6l9S9zpqqgEnkS6VrLxRyIZpRc6awgOPvCaYUvg v0g8922/Vng4i7K7Bbp8XGYBvXh3Mzx5nfvc544NAPvWEcxXhaTdV4+pBtXBS4UUDOoF LSxQ== MIME-Version: 1.0 X-Received: by 10.52.93.106 with SMTP id ct10mr3788145vdb.83.1372977579460; Thu, 04 Jul 2013 15:39:39 -0700 (PDT) In-Reply-To: <51D5F33D.9080008@gmail.com> References: <51D37F8A.3010905@gmail.com> <51D3D415.5060802@timgolden.me.uk> <51D3E091.6020706@gmail.com> <51D3E5F9.6010008@timgolden.me.uk> <20130703075046.2f0737de@bigbox.christie.dr> <51d424de$0$9505$c3e8da3$5496439d@news.astraweb.com> <2t79t81lbf5v8aeleicalff2q167e1v849@4ax.com> <51D5F33D.9080008@gmail.com> Date: Fri, 5 Jul 2013 08:39:39 +1000 Subject: Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 41 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1372977587 news.xs4all.nl 15978 [2001:888:2000:d::a6]:35389 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:49908 On Fri, Jul 5, 2013 at 8:12 AM, Andrew Berg wrote= : > On 2013.07.04 09:08, Wayne Werner wrote: >> powershell -ExecutionPolicy Bypass -File ... >> >> >> \o/ >> >> Microsoft "security" at it again! (reminds me a bit of just pushing >> "Cancel" to log into windows 98, I think it was) > From an MSDN page linked in one of the answers: >> Now, why is >> >> PowerShell.exe =96ExecutionPolicy Bypass =96File c:\temp\bad-script.= ps1 >> >> not a security bug? Ultimately, if bad code has the ability to run this = code, it already has control of the machine. > http://blogs.msdn.com/b/powershell/archive/2008/09/30/powershell-s-securi= ty-guiding-principles.aspx > > If an attacker can run code, he/she already has the capability to well, r= un code. Well, the whole point of sandboxing is to allow some code and not other - look at web browser scripts. You can run your JavaScript code on someone else's machine without the capability to run arbitrary code. What this proves is that PowerShell is not a sandboxing environment. It has just two states: Trusted and untrusted. Untrusted code may not run. Trusted code has full access as though the administrator typed the commands by hand. Unix has measures to prevent a running process from having full control over the system, but even there, privilege escalation attacks (usually involving some application that runs as root) have been known. Restricting a running binary (as opposed to creating an interpreted and very slow language) is a distinctly hard problem. ChrisA