Junyu Zhang <rgdz....@gmail.com> added the comment:

Thank you for your reply. Yes, under normal circumstances, keys are generally 
not leaked. I may have only considered the following attacks at the time:
1. If the client script of the distributed process is on another machine, or 
the key is leaked due to an accidental leak.
2. When the attacker has obtained some server permissions, but not the highest 
permissions, and this distributed service process runs with the highest 
management permissions, and the attacker has read permissions to the script 
code, this may cause a simple elevation.

Of course, after thinking about it carefully, I found that the above problem is 
just a conjecture, so now I have decided to give up reporting it as a CVE, unless 
I find such a situation.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue40039>
_______________________________________