[Python-Dev] PEP 3147, __pycache__ directories and umask
Russell E. Owen
rowen at uw.edu
Tue Mar 23 20:49:26 CET 2010
In article <4BA80418.6030905 at canterbury.ac.nz>,
Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:
> Antoine Pitrou wrote:
>
> > In light of this issue, I'm -0.5 on __pycache__ becoming the default caching
> > mechanism. The directory ownership/permissions issue is too much of a mess,
> > especially for Web applications (think __pycache__ files created by the Apache
> > user).
>
> Doesn't the existing .pyc mechanism have the same problem? Seems
> to me it's just as insecure to allow the Apache user to create
> .pyc files, since an attacker could overwrite them with arbitrary
> bytecode.
>
> The only safe way is to pre-compile under a different user and
> make everything read-only to Apache. The same thing would apply
> under the __pycache__ regime.

This does sound like a big security hole both in existing Python and the
new __pycache__ proposed mechanism. It seems like this is the time to
address it, while changing the caching mechanism.

If .pyc files are to be shared, it seems essential to (by default)
generate them at install time and make them read-only for unprivileged
users.

This in turn implies that we may have to give up some support for
dragging python modules into site-packages, e.g. not generate .pyc files
for such modules. At least if we go that route it will mostly affect
power users, who can presumably cope.

-- Russell
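
An added example, not part of the original message or of CPython: one way to do the install-time step discussed in this thread (pre-compile as the installing user, strip write bits from the caches) and then audit a tree for bytecode an unprivileged account could still modify. The function names and the `untrusted_uid` parameter are hypothetical; it assumes a POSIX system and a Python with `__pycache__` support.

```python
import compileall
import os
import stat
import sys

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def precompile_readonly(root):
    """Compile every module under root, then remove all write bits from the caches."""
    ok = compileall.compile_dir(root, quiet=1, force=True)
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "__pycache__":
            for name in filenames:
                os.chmod(os.path.join(dirpath, name), 0o444)
            # A read-only .pyc in a writable directory can still be replaced,
            # so the cache directory itself must lose its write bits too.
            os.chmod(dirpath, 0o555)
    return bool(ok)


def audit_bytecode(root, untrusted_uid=None):
    """Return (path, reason) for each .pyc or __pycache__ dir that is modifiable.

    untrusted_uid (assumption): uid of the service account, e.g. the web
    server user, that must not be able to write bytecode.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        targets = [os.path.join(dirpath, f) for f in filenames if f.endswith(".pyc")]
        if os.path.basename(dirpath) == "__pycache__":
            targets.append(dirpath)
        for path in targets:
            st = os.stat(path)
            if st.st_mode & WRITABLE_BY_OTHERS:
                findings.append((path, "group/other writable"))
            elif (untrusted_uid is not None and st.st_uid == untrusted_uid
                  and st.st_mode & stat.S_IWUSR):
                findings.append((path, "writable by untrusted owner"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_pyc.py <tree> [uid-of-service-account]
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else None
    for path, reason in audit_bytecode(sys.argv[1], uid):
        print(f"{reason}: {path}")
```

The audit only inspects mode bits and ownership; ACLs and writable parent directories of the source files are outside what it checks.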