[Twisted-Python] tap security problem

Glyph Lefkowitz glyph at twistedmatrix.com
Sat Oct 5 14:53:05 EDT 2002


On Sat, 5 Oct 2002 14:48:22 +0200, Paul Boehm <typo at soniq.net> wrote:
> As uid/gid are part of the Application, a compromised application can write
> a shutdown.tap with different uid/gids.

Why, in a security-conscious environment, are you allowing the uid/gid that the
server is running as to even _read_ the .tap?  In any event, the .tap is
effectively an SUID binary, and should be writable only by root.

The whole notion of this automatic persistence is somewhat at odds with that of
security - .tap persistence is very explicitly designed to have no security
constraints whatsoever, but to be very convenient.  If you need both
persistence and security, then you have to design your persistence mechanism to
constrain what can be persisted.  Pickle effectively allows literal code to be
stored and executed.


-- 
 |    <`'>    |  Glyph Lefkowitz: Traveling Sorcerer   |
 |   < _/ >   |  Lead Developer,  the Twisted project  |
 |  < ___/ >  |      http://www.twistedmatrix.com      |
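A defensive check in the spirit of the "SUID binary" rule above, added here as an example and not Twisted's own code: refuse a .tap that is not owned by a trusted uid or is writable by group or others, and unpickle it through an allow-list so a pickled reference to a callable is refused rather than imported. It assumes a POSIX system; `demo()` uses the current uid in place of root, and the file contents are constructed.

```python
import os
import pickle
import stat
import tempfile
def tap_is_trusted(path, trusted_uids=(0,)):
    """Treat the .tap like an SUID binary: trusted owner, no group/other write."""
    st = os.lstat(path)  # lstat so a symlink cannot stand in for the file
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid not in trusted_uids:
        return False, "owned by untrusted uid %d" % st.st_uid
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "writable by group or others"
    return True, "ok"

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an allow-list of globals; refuse to import anything else."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}
    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("refused global %s.%s" % (module, name))

def load_tap(path, trusted_uids=(0,)):
    """Check the file first; unpickling is the step that runs stored code."""
    ok, reason = tap_is_trusted(path, trusted_uids)
    if not ok:
        raise PermissionError("%s: %s" % (path, reason))
    with open(path, "rb") as f:
        return RestrictedUnpickler(f).load()

def attempt(path, trusted_uids):
    try:
        return load_tap(path, trusted_uids)
    except (PermissionError, pickle.UnpicklingError) as e:
        return "refused: %s" % e

def demo():
    """Constructed cases: owner-only data, world-writable file, callable ref."""
    me, out = (os.getuid(),), {}  # current uid stands in for root here
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shutdown.tap")
        for case, obj, mode in [("owner_only", {"uid": 1000, "gid": 1000}, 0o644),
                                ("world_writable", {"uid": 0, "gid": 0}, 0o666),
                                ("callable_ref", len, 0o644)]:
            with open(path, "wb") as f:
                pickle.dump(obj, f)
            os.chmod(path, mode)
            out[case] = attempt(path, me)
    return out
```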

