[Twisted-Python] twistd possible hole

Moshe Zadka m at moshez.org
Fri Sep 21 08:35:17 MDT 2001


twistd adds the running-directory to the system include path.
I'm not sure I like it, because it must have write access
to the running directory to dump pickles, and having applications
have write permissions there. What's more, in the case where
the running directory is shared between several twistd instances,
it means one twistd instance can corrupt others via messing with
their path. Why was it done? If there is no good reason,
I suggest we drop it.

-- 
The Official Moshe Zadka FAQ: http://moshez.geek
The Official Moshe Zadka FAQ For Dummies: http://moshez.org
Read the FAQ





More information about the Twisted-Python mailing list