configparser v/s file variables
Jim Lee
jlee54 at gmail.com
Thu Jun 28 13:48:38 EDT 2018
On 06/28/18 00:46, Steven D'Aprano wrote:
>
> Yes, attacks by trusted insiders are the hardest to defend against.
> Betrayal of trust sucks. Trusted users with sufficient privileges could
> just modify the source code of your application or of Python itself. They
> could also attack your system in a thousand different ways.
>
> But what about untrusted users with fewer privileges? They *can't* modify
> the source code of your application, or change the password on other
> accounts, or read arbitrary files, or masquerade as other users. Because
> they have unprivileged accounts.
>
> So why give them the ability to escalate their privilege to that of your
> application (which probably can do lots of things they can't do) by
> directly executing Python code they supply?

??? I don't follow. I never suggested allowing someone the ability to
directly execute user-supplied Python code. However, if they have the
privileges necessary to run the application, I don't see the security
risk. Many applications have embedded scripting engines that do just that.

> Your argument is akin to:
>
> "I gave my partner a key to my house, and they could rob me blind if they
> want. Since I trust them not to, there's no point in locking the door to
> the house when I go out, since they have a key."
>

Not exactly. The original question was about reading config variables
from a file in Python. That sort of thing didn't suggest (to me) a
world-facing web app or other security-conscious situation.
It's more like leaving the door unlocked while I'm home...
-Jim
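
The two ways of reading "variables from a file" that this thread contrasts, as an added example that is not part of the original post: the same file loaded as Python source and loaded as data through configparser. The function names, `SCHEMA` and both sample files are constructed for illustration.

```python
import configparser

# Constructed sample files (not from the thread): plain values, and one where
# a value is an expression instead of a number.
SAMPLE_OK = "port = 8080\nretries = 3\n"
SAMPLE_CODE = "port = 8080\nretries = __import__('os').getpid()\n"

SCHEMA = {"port": int, "retries": int}  # hypothetical settings the app accepts


def load_by_exec(text):
    """File treated as Python source: each line runs inside the application."""
    namespace = {}
    exec(text, namespace)
    namespace.pop("__builtins__", None)  # added by exec, not a setting
    return namespace


def load_as_data(text):
    """File treated as data: values stay strings until converted per SCHEMA."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[settings]\n" + text)  # configparser needs a section
    section = parser["settings"]
    unknown = set(section) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unknown keys: {sorted(unknown)}")
    settings = {}
    for key, convert in SCHEMA.items():
        raw = section[key]  # KeyError if a required key is missing
        try:
            settings[key] = convert(raw)
        except ValueError:
            raise ValueError(f"{key}: not a valid {convert.__name__}: {raw!r}") from None
    return settings


if __name__ == "__main__":
    print(load_by_exec(SAMPLE_CODE))  # retries is this process's pid: the line ran
    print(load_as_data(SAMPLE_OK))
    try:
        load_as_data(SAMPLE_CODE)
    except ValueError as err:
        print("rejected:", err)
```

With the exec loader the expression is evaluated in the application's own process; with configparser it is only a string that fails the integer conversion.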