Anonymous
10/30/2025, 1:33:06 AM
No.107048092
>>107047140
This anon >>107047183 is 100% correct. Python tool is ass.
But I'll go one step further and say that memory safety is pretty useful for a package manager. Production environments will often run the apps/services with restricted accounts and system permissions, but it's likely the environment management tooling like install/update scripts are running with a more permissive account and system permissions. So if you crafted a supply-chain attack against the package manager rather than against the app itself, you could probably get deeper into the host system.
That and a lot of package managers will have access to more diverse runtime environments than the apps/services. e.g. instead of simply attacking the Python environment, you could do naughty stuff with the build tools. Larger surface area to scrape together vulnerabilities into an attack chain.