On Sat, Jun 27, 2015 at 3:59 PM, Ian Kelly <ian.g.ke...@gmail.com> wrote:
> On Fri, Jun 26, 2015 at 7:21 PM, Chris Angelico <ros...@gmail.com> wrote:
>> On Sat, Jun 27, 2015 at 6:09 AM, Randall Smith <rand...@tnr.cc> wrote:
>>> Give me one plausible scenario where an attacker can cause malware to hit
>>> the disk after bytearray.translate with a 256 byte translation table and
>>> I'll be thankful to you.
>>
>> The entire 256-byte translation table is significant ONLY if you need
>> all 256 possible bytes. Suppose I want to generate the following byte
>> sequence:
>>
>> "\xCD\x19"
>>
>> (Okay, this is a slightly oversimplified example, as this attack
>> doesn't work on a modern Windows. But back in the days of DOS, this
>> program would reboot your computer.)
>
> Nice! When I suggested the possibility of a two byte value malicious
> payload, I thought it an extreme example of the hypothetical attack. I
> didn't expect that somebody might actually produce one.

I'm fairly sure this won't actually work on a modern system (I tried
it and all that happened was that debug.exe terminated), but it's
entirely possible there are other attacks. Or attacks that require
only a small number of bytes - maybe create a gzip bomb that will
expand to petabytes of data, that probably wouldn't need many unique
byte values.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
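
The point made in the thread, that only the table entries a payload actually uses are significant, worked through as an added example (not code from any poster in this thread). It assumes the table is a secret, uniformly random permutation of 0..255; the function names and the guess bytes are hypothetical.

```python
from fractions import Fraction
from math import log2, perm

TARGET = b"\xCD\x19"  # the two-byte sequence quoted in the thread


def significant_entries(target: bytes) -> int:
    """Number of table entries that decide how `target` ends up on disk."""
    return len(set(target))


def blind_hit_probability(target: bytes) -> Fraction:
    """Chance that one blind submission is stored as `target`.

    Assumption: the table is a secret, uniformly random permutation.
    """
    return Fraction(1, perm(256, significant_entries(target)))


def effective_bits(target: bytes) -> float:
    """Secrecy, in bits, that the table contributes against `target`."""
    return log2(perm(256, significant_entries(target)))


def count_matching_tables(target: bytes, guess: bytes):
    """Exhaustive check for a target with two distinct byte values.

    Enumerates every pair of values a permutation could hold at the two
    positions `guess` touches and counts how many store `guess` as
    `target`. Returns (matches, cases).
    """
    g0, g1 = guess
    table = bytearray(range(256))  # the other 254 entries are never read
    matches = cases = 0
    for a in range(256):
        for b in range(256):
            if a == b:
                continue  # a permutation never repeats a value
            table[g0], table[g1] = a, b
            cases += 1
            matches += guess.translate(bytes(table)) == target
    return matches, cases
```

Against a payload that uses all 256 byte values the table is worth about 1684 bits (log2 of 256!); against the two-value sequence above it is worth just under 16.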