[Twisted-Python] tap security problem

Paul Boehm typo at soniq.net
Sat Oct 5 08:48:22 EDT 2002


tap uid/gid data allows privilege separation.

As uid/gid are part of the Application, a compromised application can write
a shutdown.tap with different uid/gids. in a typical setting the new
shutdown.tap will be read on the next startup, to enjoy persistence.

i think the seperation between config options that are handled by mktap,
and those handled by twistd needs to be refined.

  paul




More information about the Twisted-Python mailing list