[Twisted-Python] tap security problem
Itamar Shtull-Trauring
twisted at itamarst.org
Wed Oct 9 20:17:56 MDT 2002
On Thu, 10 Oct 2002 03:44:45 +0200
Paul Boehm <typo at soniq.net> wrote:
> as i see it, tap r/w access shouldn't be any different from application code access
> in terms of severity.
Sure - allow reads but *NOT*!!! writes. Because if you let var-www write to python code that's going to be imported by a suid root app you're in a bad situation.
If your tap is run by root it should not be writable by non-root users.
--
Itamar Shtull-Trauring http://itamarst.org/
Available for Python, Twisted, Zope and Java consulting
More information about the Twisted-Python
mailing list