How to marshal a function?

Kragen Sitaker kragen at canonical.org
Tue Nov 20 21:42:41 CET 2001


Cliff Wells <logiplexsoftware at earthlink.net> writes:

> On Tuesday 20 November 2001 03:41, Kragen Sitaker wrote:
> > To know whether something is "a security hole" requires,
> > at least, that you know what threats you want to defend against and
> > what threats might actually exist.
> 
> Actually, I read his post _very_ carefully and decided that what he was 
> saying is that he is routing the port that his server is listening on over 
> ssh.  This is probably reasonably secure for most circumstances.  

Well, it probably won't introduce any significant new insecurities,
anyway (assuming ssh is letting him run arbitrary commands, which he
says it is.)  But using ssh for remote execution is neither necessary
nor sufficient for security.

> Additionally, since his attitude was similar to yours (annoying), I 
> decided to end it by agreeing with him, which I find to be the quickest 
> way to avoid wasting my time with people who flame rather than discuss.
> 
> You are absolutely right: no one can decide except him whether his 
> security is sufficient, hence everyone should avoid offering advice on the 
> subject in case someone may disagree with you.

I disagree with your above statements; they are not what I said in my
post.  I said you need to know more information than he posted to
evaluate whether or not a particular trust relationship represents a
security vulnerability.

I wouldn't have bothered to follow up (I'm not fond of flaming either)
if you hadn't misstated my position above.  (If that's what you
thought my position was, it's no wonder you were annoyed.)




More information about the Python-list mailing list