On 2 Sep 2014 00:59, "Antoine Pitrou" <soli...@pitrou.net> wrote:
>> On Tue, 2 Sep 2014 00:53:11 +1000> Nick Coghlan <ncog...@gmail.com> wrote:> > >> > > To be frank I don't understand what you're arguing about.> >> > When I said "shadowing ssl can be tricky to arrange", Chris correctly> > interpreted it as referring to the filesystem based privilege escalation> > scenario that isolated mode handles, not to normal in-process> > monkeypatching or module injection.>> There's no actual difference. You can have a sitecustomize.py that does> the monkeypatching or the shadowing. There doesn't seem to be anything> "tricky" about that.
Oh, now I get what you mean - yes, sitecustomize already poses the same
kind of problem as the proposed sslcustomize (hence the existence of the
related command line options).
I missed that you had switched to talking about using that attack vector,
rather than trying to shadow stdlib modules directly through the filesystem
(which is the only tricky thing I was referring to).
Cheers,
Nick.
_______________________________________________
Python-Dev mailing list
Pyth...@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/python-dev-ml%40activestate.com
Recent Messages in this Thread |
|
Alex Gaynor |
Aug 29, 2014 07:47 pm |
|
David Reid |
Aug 29, 2014 07:56 pm |
|
M.-A. Lemburg |
Aug 29, 2014 08:00 pm |
|
Ethan Furman |
Aug 29, 2014 08:07 pm |
|
Nick Coghlan |
Aug 30, 2014 11:26 pm |
|
Antoine Pitrou |
Aug 31, 2014 01:25 am |
|
R. David Murray |
Aug 31, 2014 02:21 am |
|
Nick Coghlan |
Aug 31, 2014 06:09 am |
|
Donald Stufft |
Aug 31, 2014 06:16 am |
|
Nick Coghlan |
Aug 31, 2014 06:45 am |
|
Cory Benfield |
Aug 31, 2014 10:42 am |
|
R. David Murray |
Aug 31, 2014 02:16 pm |
|
Christian Heimes |
Aug 31, 2014 04:27 pm |
|
Paul Moore |
Aug 31, 2014 05:03 pm |
|
Antoine Pitrou |
Aug 31, 2014 05:29 pm |
|
Paul Moore |
Aug 31, 2014 06:28 pm |
|
Antoine Pitrou |
Aug 31, 2014 06:37 pm |
|
Paul Moore |
Aug 31, 2014 07:12 pm |
|
Antoine Pitrou |
Aug 31, 2014 08:15 pm |
|
Paul Moore |
Aug 31, 2014 08:30 pm |
|
Nick Coghlan |
Aug 31, 2014 09:41 pm |
|
Antoine Pitrou |
Aug 31, 2014 09:53 pm |
|
Christian Heimes |
Aug 31, 2014 09:59 pm |
|
Christian Heimes |
Aug 31, 2014 08:16 pm |
|
Christian Heimes |
Aug 31, 2014 09:43 pm |
|
Nick Coghlan |
Aug 31, 2014 10:10 pm |
|
R. David Murray |
Sep 01, 2014 01:10 am |
|
Nick Coghlan |
Sep 01, 2014 06:05 am |
|
Nick Coghlan |
Sep 02, 2014 10:12 pm |
|
Paul Moore |
Sep 01, 2014 06:07 am |
|
Nick Coghlan |
Sep 01, 2014 06:44 am |
|
Christian Heimes |
Sep 01, 2014 07:13 am |
|
Nick Coghlan |
Sep 01, 2014 08:09 am |
|
Antoine Pitrou |
Sep 01, 2014 12:41 pm |
|
Chris Angelico |
Sep 01, 2014 01:24 pm |
|
Antoine Pitrou |
Sep 01, 2014 01:34 pm |
|
Chris Angelico |
Sep 01, 2014 01:42 pm |
|
Antoine Pitrou |
Sep 01, 2014 01:59 pm |
|
Nick Coghlan |
Sep 01, 2014 02:53 pm |
|
Antoine Pitrou |
Sep 01, 2014 02:57 pm |
|
M.-A. Lemburg |
Sep 08, 2014 08:09 am |
|
Donald Stufft |
Aug 31, 2014 10:15 pm |
|
Nick Coghlan |
Sep 01, 2014 12:06 am |
|
Nick Coghlan |
Aug 31, 2014 06:24 am |
|
Christian Heimes |
Aug 31, 2014 05:23 pm |
|
Donald Stufft |
Aug 29, 2014 08:10 pm |
|
Donald Stufft |
Aug 29, 2014 09:11 pm |
|
R. David Murray |
Aug 29, 2014 09:42 pm |
|
Antoine Pitrou |
Aug 29, 2014 09:57 pm |
|
Donald Stufft |
Aug 29, 2014 10:00 pm |
|
R. David Murray |
Aug 29, 2014 10:57 pm |
|
Antoine Pitrou |
Aug 29, 2014 09:55 pm |
|
M.-A. Lemburg |
Aug 29, 2014 09:58 pm |
|
Donald Stufft |
Aug 29, 2014 10:08 pm |
|
Antoine Pitrou |
Aug 29, 2014 10:22 pm |
|
Christian Heimes |
Aug 31, 2014 11:18 am |
|
Alex Gaynor |
Aug 30, 2014 02:44 am |
|
M.-A. Lemburg |
Aug 30, 2014 10:19 am |
|
Antoine Pitrou |
Aug 30, 2014 10:40 am |
|
M.-A. Lemburg |
Aug 30, 2014 10:46 am |
|
Antoine Pitrou |
Aug 30, 2014 10:55 am |
|
M.-A. Lemburg |
Aug 30, 2014 12:03 pm |
|
R. David Murray |
Aug 30, 2014 01:32 pm |
|
M.-A. Lemburg |
Aug 30, 2014 02:20 pm |
|
Steve Dower |
Aug 30, 2014 02:24 pm |
|
Barry Warsaw |
Aug 30, 2014 04:42 pm |
|
Paul Moore |
Aug 30, 2014 10:48 am |
|
Alex Gaynor |
Aug 30, 2014 03:22 pm |
|
Paul Moore |
Aug 30, 2014 03:36 pm |
|
Marko Rauhamaa |
Aug 30, 2014 04:17 pm |
|
Christian Heimes |
Aug 30, 2014 05:21 pm |
|
mar...@v.loewis.de |
Aug 30, 2014 08:03 pm |
|
Stephen J. Turnbull |
Aug 31, 2014 05:53 am |
|
Glyph Lefkowitz |
Sep 02, 2014 09:00 pm |
|
Antoine Pitrou |
Sep 02, 2014 09:32 pm |
|
Alex Gaynor |
Sep 02, 2014 10:16 pm |
|
Antoine Pitrou |
Sep 02, 2014 10:25 pm |
|
Nick Coghlan |
Sep 02, 2014 11:01 pm |
|
David Reid |
Sep 02, 2014 11:06 pm |
|
Nick Coghlan |
Sep 02, 2014 11:28 pm |
|
Glyph Lefkowitz |
Sep 02, 2014 11:47 pm |
|
Donald Stufft |
Sep 03, 2014 12:06 am |
|
Antoine Pitrou |
Sep 03, 2014 12:19 am |
|
Stephen J. Turnbull |
Sep 03, 2014 02:43 am |
|
Cory Benfield |
Sep 03, 2014 08:26 am |
|
Nick Coghlan |
Sep 03, 2014 10:34 am |
|
Antoine Pitrou |
Sep 03, 2014 02:29 pm |
|
Terry Reedy |
Sep 03, 2014 12:59 am |
|
R. David Murray |
Sep 03, 2014 01:29 am |
|
Antoine Pitrou |
Sep 03, 2014 02:31 pm |
|
R. David Murray |
Sep 03, 2014 03:58 pm |
|
Ethan Furman |
Sep 03, 2014 05:09 pm |
|
Alex Gaynor |
Sep 03, 2014 05:15 pm |
|
Ethan Furman |
Sep 03, 2014 05:29 pm |
|
Christian Heimes |
Sep 03, 2014 07:07 pm |
|
R. David Murray |
Sep 03, 2014 07:10 pm |
|
Ethan Furman |
Sep 03, 2014 07:42 pm |
|
Guido van Rossum |
Sep 03, 2014 05:54 pm |
|
Antoine Pitrou |
Sep 03, 2014 06:37 pm |
|
R. David Murray |
Sep 03, 2014 07:06 pm |
|
Guido van Rossum |
Sep 03, 2014 07:11 pm |
|
Nick Coghlan |
Sep 03, 2014 11:19 pm |
|
Antoine Pitrou |
Sep 03, 2014 11:36 pm |
|
Ethan Furman |
Sep 04, 2014 12:00 am |
|
Ethan Furman |
Sep 04, 2014 12:17 am |
|
Nick Coghlan |
Sep 04, 2014 03:11 am |
|
Antoine Pitrou |
Sep 04, 2014 12:39 pm |
|
Nick Coghlan |
Sep 04, 2014 01:31 pm |
|
Donald Stufft |
Sep 03, 2014 06:39 pm |
|
Christian Heimes |
Sep 03, 2014 07:26 pm |
|
Guido van Rossum |
Sep 03, 2014 07:37 pm |
|
Christian Heimes |
Sep 03, 2014 07:50 pm |
|
Alex Gaynor |
Sep 03, 2014 08:37 pm |
|
Benjamin Peterson |
Sep 03, 2014 11:10 pm |
|
Nick Coghlan |
Sep 03, 2014 11:29 pm |
|
Victor Stinner |
Sep 03, 2014 07:37 pm |
|
Christian Heimes |
Sep 03, 2014 07:44 pm |
|
Stephen J. Turnbull |
Sep 03, 2014 10:48 pm |
|
Gregory P. Smith |
Sep 08, 2014 09:35 pm |
|
Glyph Lefkowitz |
Sep 02, 2014 11:21 pm |
|
R. David Murray |
Sep 02, 2014 11:20 pm |
|
Christian Heimes |
Sep 02, 2014 10:41 pm |
|
Nick Coghlan |
Sep 01, 2014 09:31 pm |
|
Christian Heimes |
Sep 01, 2014 05:01 pm |
|
Donald Stufft |
Sep 01, 2014 05:08 pm |
Re: [Python-Dev] PEP 476: Enabling certificate validation by default! |
Nick Coghlan |
Sep 01, 2014 03:35 pm |
|
Donald Stufft |
Sep 01, 2014 04:48 pm |