[Twisted-Python] tap security problem

Itamar Shtull-Trauring twisted at itamarst.org
Wed Oct 9 20:17:56 MDT 2002


On Thu, 10 Oct 2002 03:44:45 +0200
Paul Boehm <typo at soniq.net> wrote:

> as i see it, tap r/w access shouldn't be any different from application code access 
> in terms of severity.

Sure - allow reads but *NOT*!!! writes. Because if you let var-www write to python code that's going to be imported by a suid root app you're in a bad situation.

If your tap is run by root it should not be writable by non-root users.

-- 
Itamar Shtull-Trauring    http://itamarst.org/
Available for Python, Twisted, Zope and Java consulting




More information about the Twisted-Python mailing list