Opened 5 years ago

Closed 5 years ago

#8274 closed defect (fixed)

PyInstaller binaries have build username in them

Reported by: dcf
Owned by: erinn
Priority: Medium
Milestone:
Component: Applications/Tor bundles/installation
Version:
Severity:
Keywords: flashproxy
Cc: aallai, asn, erinn
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A VirusTotal analysis of flashproxy-client.exe from the 2.4.7-alpha-1 bundles shows that it is trying to open files under the user name of the user who built the packages (C:\Users\aallai).

https://www.virustotal.com/en/file/2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce/analysis/#behavioural-info

C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce (successful)
C: (failed)
C:\WINDOWS\system32 (failed)
<string> (failed)
C:\WINDOWS\system32\<string> (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\<string> (failed)
C:\Users\aallai\pyinstaller-2.0\PyInstaller\loader\iu.py (failed)
C:\WINDOWS\system32\iu.py (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\iu.py (failed)
C:\Users\aallai\flashproxy\pyinstaller-tmp/build\out00-PYZ.pyz\BaseHTTPServer (failed)
C:\WINDOWS\system32\BaseHTTPServer (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\BaseHTTPServer (failed)
C:\Users\aallai\flashproxy\pyinstaller-tmp/build\out00-PYZ.pyz\socket (failed)
C:\WINDOWS\system32\socket (failed)
C:\2a49d4f5605ebe92e5c41a122795edcae726fe046a303874f123d0ecee856fce?175104\socket (failed)

Same thing happens with the 2.4.7-test-1 bundles I built myself (C:\cygwin\home\zap):
https://www.virustotal.com/en/file/3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc/analysis/#behavioural-info

Probably other binaries are similarly affected. We should see if there is a way to disable it. Something could go wrong if there happen to be existing files under those names on computers on which the binaries are installed.

I'm assuming that the long names like

C:\3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc (successful)

are a PyInstaller artifact.


Change History (3)

comment:1 in reply to:  description Changed 5 years ago by dcf

Replying to dcf:

I'm assuming that the long names like

C:\3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc (successful)

are a PyInstaller artifact.

I just noticed it is more likely a VirusTotal artifact, because the path is the same as the exe sha256sum.
https://www.virustotal.com/en/file/3b144be171f6b9bbf0d7727361d820f5fdad01b09e08d49375238d529fc842cc/analysis/#behavioural-info

comment:2 Changed 5 years ago by dcf

See #8430, which talks about using py2exe in place of PyInstaller, which may make this problem go away.

comment:3 Changed 5 years ago by dcf

Keywords: flashproxy added
Resolution: fixed
Status: new → closed

Doesn't seem to be a problem now with py2exe.
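
A pre-release check for the leak this ticket describes, added here as an example and not part of the original ticket or of the flashproxy or PyInstaller code: it scans a built executable for home-directory paths in plain bytes, UTF-16LE strings and embedded zlib streams. The function names, the list of path prefixes, the sample bytes and the assumption that bundled modules may sit inside zlib-compressed data are all hypothetical.

```python
import re
import zlib

# Home-directory prefixes in the styles the ticket shows (C:\Users\<name>,
# C:\cygwin\home\<name>) plus POSIX equivalents. The list is an assumption.
HOME_RE = re.compile(
    rb"(?:[A-Za-z]:[\\/](?:Users|Documents and Settings|cygwin[\\/]home)"
    rb"|/home|/Users)[\\/]([A-Za-z0-9._-]{1,32})[\\/]"
)
ZLIB_HEADERS = (b"\x78\x01", b"\x78\x5e", b"\x78\x9c", b"\x78\xda")


def inflate_all(data):
    """Yield the output of every embedded zlib stream that inflates cleanly."""
    view = memoryview(data)
    for header in ZLIB_HEADERS:
        pos = data.find(header)
        while pos != -1:
            try:
                yield zlib.decompressobj().decompress(view[pos:])
            except zlib.error:
                pass  # bytes that only looked like a zlib header
            pos = data.find(header, pos + 1)


def find_build_users(data):
    """Map each user name found in a home-directory path to its prefixes."""
    hits = {}
    # Dropping NUL bytes turns UTF-16LE strings into ASCII (a heuristic).
    views = [data, data.replace(b"\x00", b"")]
    views.extend(inflate_all(data))
    for view in views:
        for m in HOME_RE.finditer(view):
            user = m.group(1).decode("ascii")
            hits.setdefault(user, set()).add(m.group(0).decode("ascii"))
    return {user: sorted(paths) for user, paths in hits.items()}


# Constructed sample, not a real binary: one plain path, one UTF-16LE path
# and one path inside a zlib stream, with made-up user names.
SAMPLE = (
    b"MZ\x90\x00C:\\Users\\builder1\\pyinstaller-2.0\\PyInstaller\\loader\\iu.py\x00"
    + "C:\\Users\\builder2\\flashproxy\\setup.py".encode("utf-16-le")
    + zlib.compress(b"C:\\cygwin\\home\\builder3\\flashproxy\\build\\out00-PYZ.pyz")
    + b"\x00padding"
)

if __name__ == "__main__":
    for user, prefixes in sorted(find_build_users(SAMPLE).items()):
        print(user, prefixes)
```

A plain string search over the file would report only the first path in the sample; the other two are visible only after NUL stripping and inflation.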
