Python 0wned: malicious snakes on a cloud?

Researcher creates proof of concept Python module installation file that executes code with root privileges while remaining off the radar

One of Python's many features is the ability to install modules, or packages, that extend the functionality of your own programs. Once installed, these modules execute alongside your own code. However, a researcher called ‘mschwager’ has posted a proof of concept called 0wned to GitHub, which shows how malicious code can be executed at the moment you install the package itself. By manipulating the setup.py file that the Python ‘pip’ package manager runs during installation, 0wned was “able to successfully write to the root directory”, mschwager says, continuing: “this means that 0wned can do anything as the root or administrative user.”
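A defender's view of the install-time hook described above, as an added example that is not part of the original article or the 0wned project: a static pass over a package's setup.py that flags code which would run during `pip install`. The lists of risky imports, calls and command base classes are assumptions chosen for illustration, and the sample setup.py is constructed.

```python
import ast

# Heuristic lists (assumptions for this example, not exhaustive).
RISKY_IMPORTS = {"subprocess", "socket", "urllib", "requests", "ctypes"}
RISKY_CALLS = {"exec", "eval", "system", "popen", "Popen", "check_call", "check_output"}
HOOK_BASES = {"install", "develop", "egg_info", "build_py"}

def _name(node):
    """Rightmost identifier of a Name or Attribute node, else ''."""
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", "")

def audit_setup_py(source):
    """Return sorted (line, finding) tuples for code that would run at install time."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [(node.module or "").split(".")[0]]
        else:
            mods = []
        findings += [(node.lineno, f"imports {m}") for m in mods if m in RISKY_IMPORTS]
        if isinstance(node, ast.ClassDef):
            # A subclass of a setuptools command is the usual install-time hook.
            for base in node.bases:
                if _name(base) in HOOK_BASES:
                    findings.append((node.lineno, f"class {node.name} subclasses {_name(base)}"))
        elif isinstance(node, ast.Call):
            called = _name(node.func)
            if called in RISKY_CALLS:
                findings.append((node.lineno, f"calls {called}()"))
            if called == "setup":
                findings += [(kw.value.lineno, "setup() passes cmdclass")
                             for kw in node.keywords if kw.arg == "cmdclass"]
    return sorted(findings)

# Constructed sample with a harmless install hook (not the 0wned code).
SAMPLE = '''\
import os
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        os.system("touch installed.marker")

setup(name="example-pkg", version="0.1", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for line, finding in audit_setup_py(SAMPLE):
        print(f"setup.py:{line}: {finding}")
```

A pass like this is a triage aid only and will miss obfuscated code. Installing from wheels (`pip install --only-binary :all:`) avoids running setup.py at all, and installing into a virtual environment rather than under sudo limits what any hook can touch.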


2 thoughts on “Python 0wned: malicious snakes on a cloud?”

  • October 2, 2018 at 8:05 AM

    And the award for best security news report headline goes to…

    • October 4, 2018 at 9:31 AM

      Oh, I can and have done better than that!
