Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #49908
| References | (6 earlier) <mailman.4164.1372856454.3114.python-list@python.org> <51d424de$0$9505$c3e8da3$5496439d@news.astraweb.com> <2t79t81lbf5v8aeleicalff2q167e1v849@4ax.com> <alpine.DEB.2.02.1307040904170.18702@gilgamesh> <51D5F33D.9080008@gmail.com> |
|---|---|
| Date | 2013-07-05 08:39 +1000 |
| Subject | Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.4256.1372977587.3114.python-list@python.org> (permalink) |
On Fri, Jul 5, 2013 at 8:12 AM, Andrew Berg <robotsondrugs@gmail.com> wrote: > On 2013.07.04 09:08, Wayne Werner wrote: >> powershell -ExecutionPolicy Bypass -File ... >> >> >> \o/ >> >> Microsoft "security" at it again! (reminds me a bit of just pushing >> "Cancel" to log into windows 98, I think it was) > From an MSDN page linked in one of the answers: >> Now, why is >> >> PowerShell.exe –ExecutionPolicy Bypass –File c:\temp\bad-script.ps1 >> >> not a security bug? Ultimately, if bad code has the ability to run this code, it already has control of the machine. > http://blogs.msdn.com/b/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx > > If an attacker can run code, he/she already has the capability to well, run code. Well, the whole point of sandboxing is to allow some code and not other - look at web browser scripts. You can run your JavaScript code on someone else's machine without the capability to run arbitrary code. What this proves is that PowerShell is not a sandboxing environment. It has just two states: Trusted and untrusted. Untrusted code may not run. Trusted code has full access as though the administrator typed the commands by hand. Unix has measures to prevent a running process from having full control over the system, but even there, privilege escalation attacks (usually involving some application that runs as root) have been known. Restricting a running binary (as opposed to creating an interpreted and very slow language) is a distinctly hard problem. ChrisA
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
How to tell Script to use pythonw.exe ? goldtech <leegold@operamail.com> - 2013-07-02 18:20 -0700
Re: How to tell Script to use pythonw.exe ? goldtech <leegold@operamail.com> - 2013-07-02 18:28 -0700
Re: How to tell Script to use pythonw.exe ? Tim Roberts <timr@probo.com> - 2013-07-02 20:43 -0700
Re: How to tell Script to use pythonw.exe ? Νίκος <nikos@superhost.gr> - 2013-07-03 18:22 +0300
Re: How to tell Script to use pythonw.exe ? Νίκος <nikos@superhost.gr> - 2013-07-03 19:50 +0300
Re: How to tell Script to use pythonw.exe ? alex23 <wuwei23@gmail.com> - 2013-07-04 11:28 +1000
Re: How to tell Script to use pythonw.exe ? Benjamin Kaplan <benjamin.kaplan@case.edu> - 2013-07-03 09:36 -0700
Re: How to tell Script to use pythonw.exe ? Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-07-03 01:29 +0000
Re: How to tell Script to use pythonw.exe ? Andrew Berg <robotsondrugs@gmail.com> - 2013-07-02 20:34 -0500
DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 08:34 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-03 17:41 +1000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Andrew Berg <robotsondrugs@gmail.com> - 2013-07-03 03:28 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 09:51 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Chase <python.list@tim.thechases.com> - 2013-07-03 07:50 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Tim Golden <mail@timgolden.me.uk> - 2013-07-03 14:00 +0100
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-07-03 13:19 +0000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Jeff Schwab <jeff@schwabcenter.com> - 2013-07-03 09:22 -0400
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-07-03 18:11 -0400
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Ian Kelly <ian.g.kelly@gmail.com> - 2013-07-03 17:35 -0600
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Wayne Werner <wayne@waynewerner.com> - 2013-07-04 09:08 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Andrew Berg <robotsondrugs@gmail.com> - 2013-07-04 17:12 -0500
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-05 08:39 +1000
Re: DOS or not? [was Re: How to tell Script to use pythonw.exe ?] Chris Angelico <rosuav@gmail.com> - 2013-07-04 00:00 +1000
csiph-web