Hello World

Chris Angelico rosuav at gmail.com
Mon Dec 22 01:33:10 EST 2014


On Mon, Dec 22, 2014 at 5:21 PM, Steve Hayes <hayesstw at telkomsa.net> wrote:
> Yes, my initial reaction was "that's awesome".
>
> And my second thought was that it was scary.
>
> I ran it. It worked, and printed "Hello world". I was awed.
>
> But what if I had run it and it reformatted my hard disk?
>
> How would I have known that it would or wouldn't do that?

You trust that (a) Steven D'Aprano isn't going to give you outright
malicious code (or that he trusts that the original author won't), and
that (b) your hard disk cannot be reformatted by a non-root user.
Every major platform has this kind of privilege separation (Windows
doesn't call it "root" but "Administrator", but the effect is, AIUI,
equivalent), so unless you're running random scripts from the internet
with maximum privileges, you should be safe.

Frankly, though, it's no worse than downloading binary code from the
internet and running it. How do you know that the executable you just
downloaded really is what it claims to be, that you didn't get some
MITM shipping you a malicious binary? Yet men and women do this every
day, with none to say "Oh the pity of it", save me and fools like me.

ChrisA


