[Twisted-Python] Current Working Directory - Just say no

Glyph Lefkowitz glyph at twistedmatrix.com
Wed Aug 29 18:23:04 EDT 2001


OK, I'll remove it because it seems redundant (Twisted directory + your home
directory seems like a fairly complete default set...) However, I don't really
agree... how is the current working directory more or less "secure" than the
contents of the environment variable $HOME?  We're importing Python modules
with __import__ anyway; it's a pretty massive security hole if hostile users
can write to your current directory already (as it is normally on sys.path).

On Wed, Aug 29, 2001 at 09:49:59PM +0300, Moshe Zadka wrote:
> Glyph, please, please remove the currentDirectory from the plugins
> list. This is a security hole waiting to happen.
> 
> This is your brain.
> This is your brain in the current working directory.

-- 
                      ______      __   __  _____  _     _
                     |  ____ |      \_/   |_____] |_____|
                     |_____| |_____  |    |       |     |
                     @ t w i s t e d m a t r i x  . c o m
                     http://twistedmatrix.com/users/glyph
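
Added example, not part of the original message or of Twisted's code: a check that flags entries in an import or plugin search path that depend on the current working directory or that other local users can write to. The function names and the sample directories are constructed for illustration, and the permission checks assume POSIX file modes.

```python
import os
import shutil
import stat
import sys
import tempfile

def audit_search_path(entries):
    """Return (entry, reason) pairs for risky import/plugin search directories."""
    findings = []
    for entry in entries:
        # '' and '.' both mean "whatever directory the process was started in".
        if entry in ("", "."):
            findings.append((entry, "current working directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path, resolved against cwd"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # does not exist right now; skipped in this sketch
        if not stat.S_ISDIR(st.st_mode):
            continue  # e.g. a zip archive on sys.path; not checked here
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or other"))
        elif hasattr(os, "getuid") and st.st_uid not in (0, os.getuid()):
            findings.append((entry, "owned by another non-root user"))
    return findings

def demo():
    """Audit a constructed search path made of throwaway directories."""
    base = tempfile.mkdtemp()
    try:
        private = os.path.join(base, "private")
        shared = os.path.join(base, "shared")
        os.mkdir(private)
        os.chmod(private, 0o755)   # only the owner can add modules
        os.mkdir(shared)
        os.chmod(shared, 0o777)    # any local user can drop a module here
        path = ["", "plugins", private, shared]
        return [reason for _, reason in audit_search_path(path)]
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    for entry, reason in audit_search_path(sys.path):
        print(repr(entry), "->", reason)
```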




