How to marshal a function?

Cliff Wells logiplexsoftware at earthlink.net
Tue Nov 20 19:44:35 CET 2001


On Tuesday 20 November 2001 03:41, Kragen Sitaker wrote:
> Cliff Wells <logiplexsoftware at earthlink.net> writes:
> > On Wednesday 14 November 2001 15:10, François Pinard wrote:
> > > Besides, I feel a bit safe as I channel these Python services
> > > through `ssh', which provides enough user authentication for us, so
> > > I presume.
> >
> > Well, that's a different story altogether =)  If you weren't using
> > ssh, it would be a huge security hole.
>
> Not necessarily.  You need to know more about his setup than whether
> or not he is using ssh to know whether some process trusting data it
> receives over a network is "a huge security hole".  For example, if
> his intended security policy is that anyone on the network should be
> able to run arbitrary Python code on the server, it is not a security
> hole, ssh or no ssh.  This is a reasonable security policy for many
> networks, like the one in my bedroom.  (In today's virus-prone world,
> perhaps it isn't the best security policy, but it's a reasonable one.)
>
> On the other hand, if the machine he's sending the arbitrary code from
> is poorly secured (relative to whatever his threat model is), allowing
> a program on that machine to run arbitrary code on the other machine
> is a security hole, ssh or no ssh.  (Although if ssh is permitting him
> to run arbitrary code anyway, it's not his program's fault if it's
> insecure.)
>
> It irks me when people have such a glib attitude about security; it
> reminds me of newspaper agony aunts who are happy to recommend that a
> woman leave her husband on the basis of two ambiguous sentences of
> complaints.  To know whether something is "a security hole" requires,
> at least, that you know what threats you want to defend against and
> what threats might actually exist.

Actually, I read his post _very_ carefully and decided that what he was 
saying is that he is routing the port that his server is listening on over 
ssh.  This is probably reasonably secure for most circumstances.  
Additionally, since his attitude was similar to yours (annoying), I 
decided to end it by agreeing with him, which I find to be the quickest 
way to avoid wasting my time with people who flame rather than discuss.

You are absolutely right: no one can decide except him whether his 
security is sufficient, hence everyone should avoid offering advice on the 
subject in case someone may disagree with you.

Regards,

-- 
Cliff Wells
Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308
(800) 735-0555 x308




More information about the Python-list mailing list