[Python-Dev] Re: privacy in log files?
M.-A. Lemburg
mal@lemburg.com
Wed, 19 Feb 2003 21:29:05 +0100
Guido van Rossum wrote:
> I found this comment in Parser/tokenizer.c:
>
> /* We don't use PyErr_WarnExplicit() here because
> printing the line in question to e.g. a log file
> could result in sensitive information being
> exposed. */
>
> I didn't see a SF reference there or in the CVS checkin comment, so
> I'm stumped. What's the use case?
The use case is easily explained:
I have gotten a lot of emails from various people about the
new source code encoding feature and the warning that is
generated for code lines which have non-ASCII characters
in them if the file doesn't have a coding header.
Many of these people mentioned that webserver logs (for CGI
scripts) would get flooded with these warnings and that there
is a potential security breach here if a source line is
being copied into to these logs. It is rather common that
these logs are world readable, so passwords and other sensible
information could easily escape the script's source code,
e.g. login information for databases.
> How could copying a line of source
> code to a log file possibly expose information that the owner of the
> log file (often root) doesn't already have access to?
The problem is not the owner of the log file, it's
the access permissions that introduce the problem.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Software directly from the Source (#1, Feb 19 2003)
>>> Python/Zope Products & Consulting ... http://www.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
Python UK 2003, Oxford: 41 days left
EuroPython 2003, Charleroi, Belgium: 125 days left