embedding/parsing script

Erik Max Francis max at alcyone.com
Mon Dec 9 15:21:23 EST 2002


Carl Banks wrote:

> However, I highly doubt that rexec is rated safe enough to allow
> arbitrary people to execute scripts as root.  If that's what your
> application does, I highly recommend you find a way to run the scripts
> without root privileges.  I agree with the suggestion that it might be
> better to use a program designed with this in mind.  Security is a
> very difficult and complex issue, and easy to mess up.

Indeed.  I believe the documentation for the rexec module points out
that RExecs are probably not to be trusted as being very secure.

There's also the issue that RExecs don't protect against basic DOS
attacks that don't involve doing insecure things; using RExec won't
prevent someone malicious from consuming excessive CPU or using up too
much memory.

-- 
 Erik Max Francis / max at alcyone.com / http://www.alcyone.com/max/
 __ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/  \ Yes I'm / Learning from falling / Hard lessons
\__/ Lamya
    The laws list / http://www.alcyone.com/max/physics/laws/
 Laws, rules, principles, effects, paradoxes, etc. in physics.
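
The two points in the message above (run the scripts without root privileges, and the CPU and memory exhaustion that RExec does not prevent) can be handled at the operating-system level instead of inside the interpreter. The following is an added example, not code from the original post or from the rexec module: it runs untrusted script text in a separate interpreter process under POSIX resource limits. The function names and the limit values are assumptions chosen for illustration.

```python
import resource
import subprocess
import sys

CPU_SECONDS = 1                    # assumed CPU budget per script
MEMORY_BYTES = 512 * 1024 * 1024   # assumed address-space cap per script


def _cap(which, value):
    """Lower both soft and hard limit; never try to exceed the current hard limit."""
    _, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def _apply_limits():
    """Runs in the child between fork() and exec(), so the limits bind the script only."""
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)   # kernel signals the child when exceeded
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)   # large allocations fail with MemoryError
    # If the parent runs as root, this is also the place to drop to an
    # unprivileged account (os.setgroups/os.setgid/os.setuid) before exec.


def run_untrusted(source, wall_timeout=30):
    """Run script text in its own interpreter; return (status, code_or_signal)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],   # -I: isolated mode
            preexec_fn=_apply_limits,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=wall_timeout,                   # backstop for sleeping scripts
        )
    except subprocess.TimeoutExpired:
        return ("wall-timeout", None)
    if proc.returncode < 0:
        return ("killed-by-signal", -proc.returncode)
    return ("ok" if proc.returncode == 0 else "error", proc.returncode)


if __name__ == "__main__":
    # Constructed sample scripts: benign, CPU-bound loop, oversized allocation.
    for script in ("print(2 + 2)", "while True: pass", "x = bytearray(4 * 1024**3)"):
        print(repr(script), "->", run_untrusted(script))
```

Resource limits bound consumption only; they do not restrict which files or network resources the script can reach, so they complement rather than replace running under an unprivileged account.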


