[IronPython] Default install location and site-packages
Giles Thomas
giles.thomas at resolversystems.com
Tue Oct 6 19:53:17 CEST 2009
Michael Foord wrote:
> (I'm honestly not sure how creating a writable directory is a security
> issue?)
I suspect people are thinking of an attack where an untrusted user
installs a package that looks like a normal one, but actually does
something nefarious like install a rootkit (and perhaps does what the
package is meant to do as well). If the administrator then uses the
package, the machine is compromised.
Cheers,
Giles
--
Giles Thomas
giles.thomas at resolversystems.com
+44 (0) 20 7253 6372
17a Clerkenwell Road, London EC1M 5RD, UK
VAT No.: GB 893 5643 79
Registered in England and Wales as company number 5467329.
Registered address: 843 Finchley Road, London NW11 8NA, UK
More information about the Ironpython-users
mailing list