[Twisted-Python] Question regarding widgets

Steve Waterbury waterbug at beeblebrox.gsfc.nasa.gov
Tue Nov 5 23:54:28 MST 2002


Moshe Zadka wrote:
> 
> On Wed, 06 Nov 2002, Steve Waterbury <waterbug at beeblebrox.gsfc.nasa.gov> wrote:
> 
> > How is having "." on your PYTHONPATH a serious security hole?
> > (Of course it shouldn't be on _root_'s PYTHONPATH, but how is
> > it bad for a regular user?)
> 
> What if you run a Python program from /tmp?  ... [etc.]

Perhaps I am protected by a higher level of general paranoia: 
I would never run anything from /tmp (or any other directory 
where just anyone could write something into, but especially 
not from /tmp!).  I only run Python scripts either from inside 
my home dir (for which I leave the RH default perms, drwx------) 
or from a root-writable-only dir such as /usr/local/... 
(if somebody's hacked root, I've got bigger problems anyway!).  

Of course, the conversation started with Windows, and I have 
no idea what the implications are there ... probably much more 
dire, like everything else on Windows.  ;^)  

Cheers,
-- Steve.




More information about the Twisted-Python mailing list