Serious privacy leak in Python for Windows

Mark Hammond mhammond at skippinet.com.au
Tue Jan 15 23:16:26 EST 2002


Richard M. Smith wrote:

 > There is a privacy leak problem in many Python implementations for
 > Windows which allows a malicious Web page or HTML email message to
 > read the contents of a file from a user's hard drive and send the
 > contents back to a Web site.  The problem occurs in Windows Python
 > implementations that support Python as a scripting language for
 > Web pages in Internet Explorer.


The ActiveScripting engine in Python, when used by IE, uses the "rexec" 
module to restrict what the code can do - Python's closest thing to a 
"sandbox".


This rexec module does prevent file writes etc, but allows file reads -
it uses a "safety" model rather than a "privacy" model.

However, Paul Prescod wrote:

 > I doubt Python's sandbox technologies have got that level of review
 > and to be honest I would not trust them!

and I am inclined to agree.  Guido also says as much in private mail.

So, rather than fix this hole, I think the best solution is to
disable "safe" scripting by the Python Scripting engine.  This will mean
ASP, WSH etc. will continue to work, but IE will refuse to execute the
scripts.

So: to disable ALL Python Active Scripting on your machine, simply execute:
Z:\>win32comext\axscript\client\pyscript.py --unregister

This will close the loophole, but also prevent ASP, WSH etc from working.

Later versions of win32all/ActivePython will be set up so that ASP etc
work by default, but you will need to manually register an alternative
COM object for use with IE.

Mark.



