[Python-ideas] Draft PEP: Standard daemon process library
python-ideas-list at trentnelson.com
Wed Jan 28 04:38:42 CET 2009
On Wed, Jan 28, 2009 at 02:24:27PM +1100, Ben Finney wrote:
> (I'm only addressing commentary on the current PEP here. Comparisons
> to MS Windows services have been addressed in other messages.)
(I've run out of steam trying to argue the virtues of cross-
platform modules, so I'm only commenting on Ben's commentary
on my commentary.)
> Trent Nelson writes:
> > On Wed, Jan 28, 2009 at 01:15:41PM +1100, Ben Finney wrote:
> > > `prevent_core`
> > > :Default: ``True``
> > >
> > > If true, prevents the generation of core files, in order to
> > > avoid leaking sensitive information from daemons run as
> > > `root`.
> > I was going to suggest service.set_secure(True)
> That name implies something emphatically not true: that a program's
> security is a binary toggle, and it can be turned on or off.
> > but then I wondered what is this actually achieving? Won't the
> > resulting .core will be owned by root?
> Yes. Which is less secure than never creating the core file at all.
I must be missing something. This seems like a false sense of
security. The core file is owned by root. Someone will need
root access in order to read it. If someone has root access,
and has malevolent intentions, it's game over, .core file or
More information about the Python-ideas