[Tutor] Security [Was: Re: Decoding]

Eric Brunson brunson at brunson.com
Tue Aug 14 18:46:47 CEST 2007


Luke Paireepinart wrote:
> Eric Brunson wrote:
>> Michael Sparks wrote:
>>  
>>> On Monday 13 August 2007 21:53, Kent Johnson wrote:
>>>      
>>>> Hmm...could be a remote connection such as ssh, which precludes the
>>>> sledgehammer though probably not the sort of mischief you can get into
>>>> with eval()...perhaps there are untrusted remote connections where
>>>> eval() would still be a significant risk, I don't know...
>>>>           
>>> If they can ssh into a box, the likelihood of that ssh connection 
>>> *only* allowing them access to run that single python program 
>>> strikes me as vanishingly small :-)
>>>
>>>       
>>
>> Unless you set it up that way specifically, i.e. making the 
>> interactive python program their login shell or specifying it to be 
>> run in their .ssh/config.
>>
>>
>> P.S.
>> Michael, sorry for the double post to you, I missed the "reply all" 
>> button the first time.
>>   
> I don't think you  missed on account of me receiving two e-mails as 
> well. :)
> -Luke

Python:  easy
Email: hard

;-)





More information about the Tutor mailing list