[Tutor] What are security holes?
dsh8290 at rit.edu
Sun Jan 27 22:18:07 CET 2002
On Sun, Jan 27, 2002 at 11:17:34AM -0800, Mishre wrote:
| dman <dsh8290 at rit.edu> wrote in message news:<mailman.1012074223.11276.python-list at python.org>...
| > On Sat, Jan 26, 2002 at 02:09:21PM +0100, A wrote:
| > | We are going to install Python on our Linux server. Are there any
| > | security holes for hackers? What would we be careful about and
| > | how we should set it up? Are there any guidelines for installing
| > | Python?
| > # apt-get install python2.2
| > :-) (well, if by "linux" you mean the "debian" distribution)
| > The problem with having python is the same one you will have with
| > perl, sh, gcc, g++, ruby, tcl, etc. Each of those allows a person to
| > instruct the computer to do something. You certainly don't want to
| > make your python binary SUID root or something.
| > I am not aware of any "gotchas" wrt to installing python on a system.
| One way around this is to use Gordon McMillan's Installer to create
| standalone programs, which do not require Python to be installed.
As I understand it, the program still requires python. The only
difference is the installer has python bundled with the program so the
end-user doesn't (necessarily) realize that. It is just an installer,
not a compiler.
In my Father's house are many rooms; if it were not so, I would have
told you. I am going there to prepare a place for you. And if I go and
prepare a place for you, I will come and take you to be with me that you
also may be where I am.
More information about the Python-list