[Twisted-Python] twistd possible hole

Moshe Zadka m at moshez.org
Sat Sep 22 21:45:44 EDT 2001

On Sat, 22 Sep 2001, Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:

> I understand your concern, but I don't think we can classify it as a "hole"
> unless it violates a specified invariant.

It's not a "hole" per-se, I just don't like "trusting" the current directory.
The setups I'm talking about are things similar to the default deployment
strategy in "tap2deb" (obviously, because I wrote it ;-)
Note that the master tap is in /etc, out of reach of the twistd process
(assuming it's not running as root)
So, that means we can safely say "breaking into twistd and tricking it
cannot result in permanent changes". Except for the sys.path thing
obviously. Yes, the -shutdown pickles under /var will be re-written,
but they are used only when it is a concious decision by the admin.

If we want plugin directories, then let's specify which directories there
are. I suggest an option to twistd to append some directory to the plugin
search path.

> So, what are our invariants?

Basically, I want the invariant "permanent changes twistd can make
are untrusted". Which is the usual invariant -- common Apache configurations
are that way, Zope tries to do so. Of course, failures are possible...
we just gotta try hard.
The Official Moshe Zadka FAQ: http://moshez.geek
The Official Moshe Zadka FAQ For Dummies: http://moshez.org
Read the FAQ

More information about the Twisted-Python mailing list