[Tutor] What are security holes?

dman dsh8290 at rit.edu
Sun Jan 27 22:18:07 CET 2002


On Sun, Jan 27, 2002 at 11:17:34AM -0800, Mishre wrote:
| dman <dsh8290 at rit.edu> wrote in message news:<mailman.1012074223.11276.python-list at python.org>...
| > On Sat, Jan 26, 2002 at 02:09:21PM +0100, A wrote:
| > | We are going to install Python on our  Linux server. Are there any 
| > | security holes for hackers? What would  we be careful about and 
| > | how we should set it up? Are there any guidelines for installing 
| > | Python?
| > 
| > # apt-get install python2.2
| > 
| > :-)  (well, if by "linux" you mean the "debian" distribution)
| > 
| > The problem with having python is the same one you will have with
| > perl, sh, gcc, g++, ruby, tcl, etc.  Each of those allows a person to
| > instruct the computer to do something.  You certainly don't want to
| > make your python binary SUID root or something.
| > 
| > I am not aware of any "gotchas" wrt to installing python on a system.
| 
| One way around this is to use Gordon McMillan's Installer[1] to create
| standalone programs, which do not require Python to be installed. 

As I understand it, the program still requires python.  The only
difference is the installer has python bundled with the program so the
end-user doesn't (necessarily) realize that.  It is just an installer,
not a compiler.

-D

-- 

In my Father's house are many rooms; if it were not so, I would have
told you.  I am going there to prepare a place for you.  And if I go and
prepare a place for you, I will come and take you to be with me that you
also may be where I am.
        John 14:2-3 





More information about the Python-list mailing list