[Twisted-Python] Current Working Directory - Just say no
Glyph, please, please remove the currentDirectory from the plugins list. This is a security hole waiting to happen. This is your brain. This is your brain in the current working directory. -- The Official Moshe Zadka FAQ: http://moshez.geek The Official Moshe Zadka FAQ For Dummies: http://moshez.org Read the FAQ
OK, I'll remove it because it seems redundant (Twisted directory + your home directory seems like a fairly complete default set...) However, I don't really agree... how is the current working directory more or less "secure" than the contents of the environment variable $HOME? We're importing python modules with __import__ anyway; it's a pretty massive security hole if hostile users can write to your current directory already (as it is normally on sys.path) On Wed, Aug 29, 2001 at 09:49:59PM +0300, Moshe Zadka wrote:
Glyph, please, please remove the currentDirectory from the plugins list. This is a security hole waiting to happen.
This is your brain. This is your brain in the current working directory.
-- ______ __ __ _____ _ _ | ____ | \_/ |_____] |_____| |_____| |_____ | | | | @ t w i s t e d m a t r i x . c o m http://twistedmatrix.com/users/glyph
participants (2)
-
Glyph Lefkowitz -
Moshe Zadka