How to marshal a function?
Kragen Sitaker
kragen at canonical.org
Tue Nov 20 06:41:47 EST 2001
Cliff Wells <logiplexsoftware at earthlink.net> writes:
> On Wednesday 14 November 2001 15:10, François Pinard wrote:
> > Besides, I feel a bit safe as I channel these Python services through
> > `ssh', which provides enough user authentication for us, so I presume.
>
> Well, that's a different story altogether =) If you weren't using ssh, it
> would be a huge security hole.
Not necessarily. You need to know more about his setup than whether
or not he is using ssh to know whether some process trusting data it
receives over a network is "a huge security hole". For example, if
his intended security policy is that anyone on the network should be
able to run arbitrary Python code on the server, it is not a security
hole, ssh or no ssh. This is a reasonable security policy for many
networks, like the one in my bedroom. (In today's virus-prone world,
perhaps it isn't the best security policy, but it's a reasonable one.)
On the other hand, if the machine he's sending the arbitrary code from
is poorly secured (relative to whatever his threat model is), allowing
a program on that machine to run arbitrary code on the other machine
is a security hole, ssh or no ssh. (Although if ssh is permitting him
to run arbitrary code anyway, it's not his program's fault if it's
insecure.)
It irks me when people have such a glib attitude about security; it
reminds me of newspaper agony aunts who are happy to recommend that a
woman leave her husband on the basis of two ambiguous sentences of
complaints. To know whether something is "a security hole" requires,
at least, that you know what threats you want to defend against and
what threats might actually exist.
More information about the Python-list
mailing list