[Twisted-Python] twistd --uid and --logfile

twisted-web at udmvt.ru twisted-web at udmvt.ru
Thu Aug 19 03:06:02 EDT 2010


On Wed, Aug 18, 2010 at 04:01:52PM -0000, exarkun at twistedmatrix.com wrote:
> On 03:35 pm, p.mayers at imperial.ac.uk wrote:
> >On 18/08/10 10:25, twisted-web at udmvt.ru wrote:
> >>I think --uid option is too dangerous.
> >>sudo or su or setuidgid (from http://cr.yp.to/daemontools.html) is more
> >>appropriate for changing uids.
> >
> >In all cases? I think not.
> 
> Making the directory world writeable is certainly insane and dangerous. 
> But in the case where the directory is only writeable by the user the 
> daemon is going to run as, and access to that user is restricted, I 
> don't see a problem.
The problem is that you trust that user with the ability to destroy the contents
of any root-writeable file, but you most likely do not realize that, so you most
likely don't take any extra measures to protect yourself.
For "most of the cases" it could be OK, but for the minority of others
it would be a disaster.


-- 
Alexey.
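
One way to check for the concern raised above, as an added example (not part of the thread and not Twisted's code). It assumes the risk comes from a privileged process opening a log path inside a directory that another user can modify; the function names are hypothetical.

```python
import errno
import os
import stat
import tempfile


def risky_parents(path, trusted_uids=(0,)):
    """List ancestor directories of path that an untrusted uid could modify."""
    risky = []
    d = os.path.realpath(os.path.dirname(os.path.abspath(path)))
    while True:
        st = os.stat(d)
        # Untrusted owner, or a group/other write bit: someone else can
        # create, rename or replace entries in this directory.
        if st.st_uid not in trusted_uids or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            risky.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            return risky
        d = parent


def open_log_nofollow(path, mode=0o640):
    """Open a log for appending; refuse symlinks and multiply-linked files."""
    # O_NOFOLLOW only guards the final path component, so pair it with
    # risky_parents() for the directories above it. O_APPEND never truncates.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
        os.close(fd)
        raise OSError(errno.EPERM, "refusing log target", path)
    return fd


if __name__ == "__main__":
    # Constructed demo: a scratch directory stands in for the log directory.
    d = tempfile.mkdtemp()
    target = os.path.join(d, "important.conf")
    with open(target, "w") as f:
        f.write("keep me\n")
    log = os.path.join(d, "twistd.log")
    os.symlink(target, log)  # the log name points at another file
    try:
        open_log_nofollow(log)
    except OSError as e:
        print("refused:", errno.errorcode.get(e.errno, e.errno))
    print("directories others can modify:", risky_parents(log))
```

Running the daemon under sudo or setuidgid, as suggested in the quoted message, avoids the question entirely because the log is then opened with the unprivileged uid.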


