Python 0wned: malicious snakes on a cloud?

Researcher creates proof of concept Python module installation file that executes code with root privileges while remaining off the radar

Amongst the many features of Python is the ability to install modules, or packages, to extend the functionality of your own programs. Once installed, these modules will execute alongside your own code. However, a researcher called ‘mschwager’ has posted details of a proof of concept file to GitHub called 0wned which shows how malicious code can be executed when you initially install the package itself. By manipulating the setup.py file within the Python ‘pip’ package manager, 0wned was “able to successfully write to the root directory” mschwager says, continuing “this means that 0wned can do anything as the root or administrative user.”

Click here to read complete article

Leave a Reply

Your email address will not be published. Required fields are marked *