[Tutor] Security [Was: Re: Decoding]
Luke Paireepinart
rabidpoobear at gmail.com
Tue Aug 14 18:44:37 CEST 2007
Eric Brunson wrote:
> Michael Sparks wrote:
>
>> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>>
>>
>>> Hmm...could be a remote connection such as ssh, which precludes the
>>> sledgehammer though probably not the sort of mischief you can get into
>>> with eval()...perhaps there are untrusted remote connections where
>>> eval() would still be a significant risk, I don't know...
>>>
>>>
>> If they can ssh into a box, the likelihood of that ssh connection *only*
>> allowing them access to run that single python program strikes me as
>> vanishingly small :-)
>>
>>
>>
>
> Unless you set it up that way specifically, i.e. making the interactive
> python program their login shell or specifying it to be run in their
> .ssh/config.
>
>
> P.S.
> Michael, sorry for the double post to you, I missed the "reply all"
> button the first time.
>
I don't think you missed on account of me receiving two e-mails as well. :)
-Luke
More information about the Tutor
mailing list