[Python-Dev] PEP 3147, pycache directories and umask

Russell E. Owen rowen at uw.edu
Tue Mar 23 20:49:26 CET 2010


In article <4BA80418.6030905 at canterbury.ac.nz>, Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:

Antoine Pitrou wrote:

> In light of this issue, I'm -0.5 on pycache becoming the default caching
> mechanism. The directory ownership/permissions issue is too much of a mess,
> especially for Web applications (think pycache files created by the Apache
> user).

Doesn't the existing .pyc mechanism have the same problem? Seems to me it's just as insecure to allow the Apache user to create .pyc files, since an attacker could overwrite them with arbitrary bytecode. The only safe way is to pre-compile under a different user and make everything read-only to Apache. The same thing would apply under the pycache regime.

This does sound like a bit security hole both in existing Python and the new pycache proposed mechanism. It seems like this is the time to address it, while changing the caching mechanism.

If .pyc files are to be shared, it seems essential to (by default) generate them at install time and make them read-only for unprivileged users.

This in turn implies that we may have to give up some support for dragging python modules into site-packages, e.g. not generate .pyc files for such modules. At least if we go that route it will mostly affect power users, who can presumably cope.

-- Russell
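An added example, not part of the original thread: a small audit that reports where a given service account (the "Apache user" case discussed above) could create or replace bytecode in an installed tree. The names `writable_by` and `audit_bytecode` and the uid/gid arguments are hypothetical; only classic mode bits are considered, not ACLs or the sticky bit.

```python
import os
import stat


def writable_by(st, uid, gids):
    """True if the mode bits in `st` grant write access to uid/gids (ACLs ignored)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_bytecode(root, uid, gids=()):
    """Return sorted (path, reason) pairs where `uid` could plant or replace bytecode."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        has_source = any(f.endswith(".py") for f in filenames)
        is_cache = os.path.basename(dirpath) == "__pycache__"
        pycs = [f for f in filenames if f.endswith((".pyc", ".pyo"))]
        # A writable directory is enough: files in it can be created or swapped
        # even when each existing .pyc is itself read-only.
        if (has_source or is_cache or pycs) and writable_by(os.stat(dirpath), uid, gids):
            findings.append((dirpath, "directory writable: bytecode can be created or replaced"))
        for name in pycs:
            path = os.path.join(dirpath, name)
            if writable_by(os.stat(path), uid, gids):
                findings.append((path, "bytecode file writable"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: audit.py <tree> <uid> [gid ...]  (uid/gids of the service account)
    tree, uid, gids = sys.argv[1], int(sys.argv[2]), [int(g) for g in sys.argv[3:]]
    for path, reason in audit_bytecode(tree, uid, gids):
        print(f"{path}: {reason}")
```

An empty result for the web server's uid corresponds to the "pre-compile under a different user and make everything read-only" layout described in the message.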


