Random832 <random...@fastmail.com>:

> On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote:
>> Windows has some other issues, including that arbitrary files can
>> become executable very easily (eg if %PATHEXT% includes its file
>> extension), and since the current directory is always at the
>> beginning of your path, this can easily turn into a remote code
>> execution exploit.
>
> I didn't include dot in my example whitelist, and there's no mechanism
> for an attacker to add random extensions to your PATHEXT.

Years back, my FTP server was hacked by exploiting a buffer overflow.
The anonymous input directory contained a very long filename that
apparently contained some valid x86 code. Did you vet your whitelist so
it couldn't possibly be interpreted by the CPU as meaningful
instructions?


Marko
-- 
https://mail.python.org/mailman/listinfo/python-list