[Twisted-Python] Question regarding widgets
waterbug at beeblebrox.gsfc.nasa.gov
Wed Nov 6 01:54:28 EST 2002
Moshe Zadka wrote:
> On Wed, 06 Nov 2002, Steve Waterbury <waterbug at beeblebrox.gsfc.nasa.gov> wrote:
> > How is having "." on your PYTHONPATH a serious security hole?
> > (Of course it shouldn't be on _root_'s PYTHONPATH, but how is
> > it bad for a regular user?)
> What if you run a Python program from /tmp? ... [etc.]
Perhaps I am protected by a higher level of general paranoia:
I would never run anything from /tmp (or any other directory
where just anyone could write something into, but especially
not from /tmp!). I only run Python scripts either from inside
my home dir (for which I leave the RH default perms, drwx------)
or from a root-writable-only dir such as /usr/local/...
(if somebody's hacked root, I've got bigger problems anyway!).
Of course, the conversation started with Windows, and I have
no idea what the implications are there ... probably much more
dire, like everything else on Windows. ;^)
More information about the Twisted-Python