[Twisted-Python] Question regarding widgets
Steve Waterbury
waterbug at beeblebrox.gsfc.nasa.gov
Tue Nov 5 23:54:28 MST 2002
Moshe Zadka wrote:
>
> On Wed, 06 Nov 2002, Steve Waterbury <waterbug at beeblebrox.gsfc.nasa.gov> wrote:
>
> > How is having "." on your PYTHONPATH a serious security hole?
> > (Of course it shouldn't be on _root_'s PYTHONPATH, but how is
> > it bad for a regular user?)
>
> What if you run a Python program from /tmp? ... [etc.]
Perhaps I am protected by a higher level of general paranoia:
I would never run anything from /tmp (or any other directory
where just anyone could write something into, but especially
not from /tmp!). I only run Python scripts either from inside
my home dir (for which I leave the RH default perms, drwx------)
or from a root-writable-only dir such as /usr/local/...
(if somebody's hacked root, I've got bigger problems anyway!).
Of course, the conversation started with Windows, and I have
no idea what the implications are there ... probably much more
dire, like everything else on Windows. ;^)
Cheers,
-- Steve.
More information about the Twisted-Python
mailing list