On Sun, 2011-10-09 at 10:54 -0300, Bruno Rocha wrote: > symantec found a worm which infects. pyc files[1] > > the virus source code is in [2] > > [1] http://www.symantec.com/connect/blogs/python-has-venom > > [2] https://github.com/maurobaraldi/Pytroj
I don't see where the exact risk is, a part from that a .pyc doing
something different may be shipped along with a .py that looks like it
is the source code, but it isn't; this is quite like shipping
something.exe plus something.c: nothing guarantees that something.c is
the source code for something.exe.
Plus, everything that can modify the .pyc would probably also be able to
modify the .py directly, run malicious code directly, etc. etc..
--
Samuele ~redShadow~ Santi
----------------------------------------------------------------
redshadow[at]hackzine.org - redshadowhack[at]gmail.com
Blog: http://hackzine.org
GPG Key signature:
050D 3E9F 6E0B 44CE C008 D1FC 166C 3C7E EB26 4933
----------------------------------------------------------------
/me recommends:
Squadra Informatica - http://www.squadrainformatica.com
----------------------------------------------------------------
- Proud ThinkPad T-Series owner
- Registered Linux-User: #440008
* GENTOO User since 1199142000 (2008-01-01)
* former DEBIAN SID user
----------------------------------------------------------------
"Software is like sex: it's better when it's free!"
-- Linus Torvalds
signature.asc
Description: This is a digitally signed message part
