[New-bugs-announce] [issue2051] PYO file permission problem

stocker81 report at bugs.python.org
Fri Feb 8 20:28:32 CET 2008


New submission from stocker81:

Python's interpreter doesn't keep proper file permissions after
importing library. See the fallowing:

mk at laptop ~ $ echo "key='top secret'" > key.py
mk at laptop ~ $ chmod 600 key.py 
mk at laptop ~ $ python
Python 2.4.4 (#1, Jan  8 2008, 21:22:16) 
[GCC 4.1.2 (Gentoo 4.1.2 p1.0.1)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import key
>>> 
mk at laptop ~ $ ls -l key.py*
-rw------- 1 mk mk  17 II  8 20:09 key.py
-rw-r--r-- 1 mk mk 120 II  8 20:09 key.pyc
mk at laptop ~ $ 

So, interpreter creates 644 pyo file (visible for all) which contains
secret data from 600 py file.
I think it should keep the original permissions, someone can save a
important data (eg. SQL login/pwd into Django's settings.py) into
library and makes it visible for all by an accident.

----------
components: None
messages: 62203
nosy: stocker81
severity: normal
status: open
title: PYO file permission problem
type: security
versions: Python 2.4

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2051>
__________________________________


More information about the New-bugs-announce mailing list